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Abstract 


This  report,  part  of  INPUT'S  Electronic  Commerce  Program,  analyzes  market 
trends  for  electronic  payment  methods.  It  provides  insights  into  how 
payment  processes  will  change  as  a  result  of  the  Internet.  Representatives  of 
50  corporate  users,  10  payment  processing  services,  8  bankers  and  3 
financial  regulators  were  interviewed  to  capture  data  and  commentary  about 
the  potential  opportunities  available  in  this  market. 

Electronic  Payment  Methodologies  identifies  the  payment  methodologies  that 
are  most  likely  to  be  widely  adopted.  It  also  discusses  trends,  issues,  and 
future  technology  directions. 

The  report  contains  125  pages  and  50  exhibits. 
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Introduction 


A  

Purpose 

Payment  systems  are  being  revolutionized  with  the  explosion  of  Internet 
commerce  activity.  Paper  currency,  electronic  funds  transfer  (EFT), 
electronic  data  interchange  (EDI),  automatic  teller  machine  (ATM)  networks, 
and  credit  card  processing  are  well-established  payment  vehicles  that  form  a 
foundation  for  newer  developments. 

The  pros  and  cons  of  payment  systems  from  the  perspective  of  payors, 
payees,  and  financial  services  providers  are  analyzed.  The  report  describes 
the  advantages  and  disadvantages  of  newer  payment  systems  like  digital 
cash,  smart  cards,  and  E-Checks.  It  addresses  questions  such  as: 

•  Which  technologies  support  emerging  payment  systems? 

•  What  is  needed  for  successful  commercialization  of  payment  systems? 

•  How  can  investment  in  global  settlement  systems  be  leveraged  by  newer 
payment  systems? 

•  How  do  purchasing  departments  pay  using  credit  and  other  cards  today? 

B  

Scope 

This  report  covers  business-to-business  as  well  as  consumer-to-business 
payment  methods.  It  reviews  traditional  and  emerging  payment  methods, 
including  smart  cards,  software-based  payment,  E-Checks  and  credit  cards. 
The  majority  of  the  interviews  were  in  the  U.S.,  though  some  bank  personnel 
in  Europe  were  interviewed.  The  vendors  covered  primarily  sell 
products-services  vendors  are  not  covered  in  detail. 
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c  

Methodology 

The  report  is  based  on  in-depth  interviews  with  10  payment  service 
providers,  three  financial  regulators,  eight  banks,  and  50  business  users  of 
payment  methods.  Telephone  and  e-mail  were  both  used  to  conduct  the 
surveys. 

In  addition,  secondary  research  from  vendor  literature,  on-line  services  and 
INPUT'S  extensive  vendor  files  was  used. 

D  

Report  Organization 

The  report  is  divided  into  six  chapters  and  two  appendixes.  The  remaining 
chapters  of  this  report  include: 

Chapter  II,  Executive  Overview,  offers  an  overview  of  the  analysis  conducted 
as  part  of  the  study  and  summarizes  report  findings.  It  provides  a  briefing 
for  a  senior  executive  who  wants  to  understand  the  most  important  issues 
and  conclusions  without  reviewing  the  entire  study. 

Chapter  III,  Established  Payment  Methods,  examines  current  payment 
systems  and  analyzes  their  benefits,  pitfalls,  and  the  current  state  of  the  art. 

Chapter  IV,  Emerging  Payment  Methods  and  Vendors,  examines  emerging 
payment  systems,  both  for  the  Internet  and  for  storefront  payments.  It 
analyzes  their  processes,  potential  customers,  security  considerations, 
advantages,  disadvantages,  and  market  acceptance.  This  is  followed  by  an 
assessment  of  the  method. 

Chapter  V,  User  Awareness,  examines  how  users  are  reacting  to  new 
payment  methods.  Benefits  and  barriers  to  acceptance  for  new  payment 
methods  are  analyzed.  Existing  payment  system  acceptance  is  also  analyzed. 

Chapter  VI,  Issues,  discusses  payment  and  legal  issues. 

Appendix  A  provides  a  glossary  of  key  Internet  terminology. 

Appendix  B  contains  the  vendor  names  and  addresses,  standards 
committees,  and  associations. 
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E  

Intended  Audience 

Electronic  Payment  Methodologies  is  designed  for: 

•  Storefront  merchants  and  Internet  merchants 

•  Payment  processors  and  financial  institutions 

•  Value-added  network  (VAN)  and  Internet  service  providers 

•  Systems  integrators,  hardware  manufacturers,  and  software  vendors 
selling  into  payment  processing-related  markets 

•  Regulators  and  government  organizations  that  need  to  use  or  monitor 
payment  processes 

•  Internet  technology  vendors 
It  will  help  readers: 

•  Decide  on  which  payment  methodologies  to  invest  in 

•  Analyze  competing  payment  processing  service  providers 

•  Understand  trends  and  market  directions 

•  Develop  business  plans  and  marketing  presentations 

F  

Related  Reports 

INPUT  offers  Electronic  Commerce  and  Internet  subscription  programs  that 
track  commerce  technologies  and  issues.  The  following  INPUT  reports  are  of 
related  interest: 

•  Electronic  Catalogs,  Web  Storefronts  and  Internet  Malls,  1995 

•  Electronic  Commerce  Over  the  Internet,  1996 

•  Internet  Sales  and  Marketing  Directions,  1995 

•  Using  the  Internet  for  Business  Operations,  1995 

•  Internet  Application  Case  Studies,  1995 

•  Internet  Security:  The  Impact  of  Firewalls  on  Client  I  Server  Applications, 
1995 

•  Electronic  Commerce  Markets  and  Forecast,  1995-2000 


EEA6 


1997  by  INPUT  Reproduction  Prohibited. 


3 


ELECTRONIC  PAYMENT  METHODOLOGIES 


INPUT 


(Blank) 


4 


©  1997  by  INPUT.  Reproduction  Prohibited. 


EEA6 


ELECTRONIC  PAYMENT  METHODOLOGIES 


INPUT 


Executive  Overview 


A  

Summary 

Several  credit  card  and  micropayment  schemes  are  being  proposed  for  the 
Internet.  The  current  preferred  payment  method  for  Internet  transactions  is 
to  use  a  credit  card.  Visa,  MasterCard,  American  Express,  VeriFone, 
Microsoft  and  others  are  working  on  SET  (Secure  Electronic  Transactions) 
standards  for  credit  card  processing  over  the  Internet  and  these  are  likely  to 
be  widely  accepted. 

Mondex,  initiated  by  National  Westminster  Bank  in  the  U.K.,  is  gaining 
global  acceptance  by  banks  and  is  a  strong  contender  for  a  micropayment 
cash  card  scheme  for  both  storefront  and  network  transactions.  CyberCash, 
currently  with  a  proprietary  scheme,  will  follow  SET  standards  and  is  likely 
to  be  a  major  technology  supplier  and  payment  systems  vendor.  Smaller 
companies  like  DigiCash  may  have  to  find  niche  markets,  lest  they  be 
overtaken  by  Mondex  and  credit  card  vendors'  cash  card  schemes.  Visa  and 
MasterCard  will  not  allow  the  electronic  cash  systems  vendors  to  encroach 
on  their  markets  and  will  also  be  major  players. 

Digital  signature  schemes  are  starting  to  be  accepted  and  are  slowly 
gathering  momentum.  Signatures  stored  in  wallets  and  on  computers  will 
become  common  at  the  beginning  of  the  next  century.  There  will  be 
tremendous  opportunities  for  manufacturers  of  POS  (point-of-sale)  and 
payment  processing  systems  to  upgrade  the  equipment  of  merchants,  banks, 
and  payment  service  companies.  Security  will  become  tighter  as  systems 
evolve  and  excellent  opportunities  in  supporting,  building,  and  testing 
security  systems  will  develop. 
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B  

Key  Trends  and  Issues 

Exhibit  II- 1  lists  key  trends  and  issues  regarding  electronic  payments. 
Security  challenges  will  increase  as  fraud  and  hacker  activity  grows.  Digital 
signatures  and  encryption  schemes  will  make  Internet  payment  schemes 
safer  than  traditional  checks  that  can  be  stolen,  counterfeited,  or  signed  with 
forged  signatures.  Money  laundering  may  be  a  long-term  issue. 


Exhibit  11-1 

Trends,  Issues,  and  Opportunities 


Trend 

Issues 

Opportunities 

Security 

•  SET  acceptance  for  credit  card  Internet 
transactions 

•  Digital  signatures  will  be  gradually 
accepted  -  Certificate  Authorities  will  be 
a  new  type  of  organization 

•  Fraud  will  increase,  although  many 
Internet  schemes  are  safer  than  current 
payment  scnemes 

•  Payment  processors  and  banks  can  offer 
Internet  services 

•  Services  and  products  based  around 
security 

•  .  Digital  signature  verification  and 

authentication  services 

•  Fraud  detection  systems 

Smart  Cards 

•  Cost  of  merchant  equipment 

•  Consumer  acceptance 

•  Competition  from  debit  cards, 
particularly  in  the  U.S. 

•  Card  introduction  in  a  new  area  -  how  to 
run  pilot  systems 

•  For  business-to-business  trade,  POs 
and  checks  are  still  preferred,  although 
purchasing  cards  are  increasingly  used 

•  POS  system  upgrades 

•  Global  vendor  systems  to  support 
worldwide  purchasing  -  purchase  here, 
deliver  there 

•  Internet  credit  card  processing  turnkey 
systems 

•  Smart  card  "on  the  street"  and  "on  the  net" 
systems 

•  Smart  cards  are  likely  to  be  used  for  small 
amounts 

Robust 
Messaging 

•  More  intelligent  messages  that  include 
digital  signatures 

•  More  reliable  message  routing 

•  Multimedia  messaging 

•  Services  that  rely  on  signed  documents 

•  Directory  and  routing  services 

•  Higher  speed  private  networks 

•  New  businesses  that  sell  small  items  and 
accept  digital  cash  will  become  popular 
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Exhibit  11-1 
(Cont.) 

Trends,  Issues,  and  Opportunities  (Cont.) 


Trend 

Issues 

Opportunities 

Intprnpt  fihonninn 

IlllCllld  Ol  I 1  ly 

•  Will  Intprnpt  mall1?  ^urrpprl  anrl  who 

V  V  1 1 1    II  ll^l  1  ICl  II  ICil  1 0  OUUV/CtU,    CI  1  1 VJ    VV  1  1  \J 

will  run  them  -  banks,  Internet  service 
providers,  telecommunications 
companies,  or  financial  payment 
processors? 

•  What  payment  methods  will  be 
preferred  -  a  global  digital  currency 
could  impact  national  economies 

•  Pavmpnt  rpnnrtinn  anrl  flata  annrpnatinn 

i    OA  y  l  l  I  v>  I  ii  i  ^uui  ui  ly  ui  i  \_j  uuiu  uuu  i  ^/Uullvl  l 

will  differentiate  merchant  services 

•  Merchant  services  to  support  Internet 
shopping 

•  Interfacing  existing  credit  and  debit  card 
processing  systems  to  the  Internet 

•  Check  truncation  systems,  particularly 
scanning  devices  to  capture  check 
information 

Outsourcing  data 
management 

•  New  level  of  detail  possible  with  Internet 
payments 

•  Merchant  services  will  increasingly  be 
outsourced 

•  Customer  analysis  and  reporting  software 

•  Long-term  outsourcing  contracts 

•  New  applications  that  can  be  outsourced, 
for  example  transaction  payment  services 
using  products  like  Open  Market's  OM- 
Transact 

Source:  INPUT 


c  

Which  Payment  Systems  Will  Win? 

1.  Outlook 

Credit  cards  clearly  have  an  early  lead  for  payment  over  the  Internet,  but  for 
smaller  transactions  or  anonymous  purchases  they  are  unsuitable. 

Businesses  continue  to  prefer  checks  to  any  other  form  of  payment,  although 
the  use  of  purchasing  cards  is  growing. 

The  Internet  will  fuel  further  growth  of  purchasing  cards.  Debit  cards  will 
increasingly  be  popular,  but  may  have  limited  use  overseas. 

Cash  cards  are  more  widely  used  in  Europe  and  Japan  than  in  the  U.S. 
Vendors  like  Mondex  that  can  combine  Internet  payment  methods  with  those 
for  storefronts  are  at  an  advantage  over  vendors  that  support  either  the 
Internet  or  storefronts. 

Both  checks  and  cash  will  see  declining  use  over  the  next  10  years.  However, 
neither  is  in  danger  of  disappearing.  Singapore,  for  example,  aims  for  a 
cashless  society,  but  for  most  countries  this  will  be  impractical. 


EEA6 


©  1997  by  INPUT  Reproduction  Prohibited 


7 


ELECTRONIC  PAYMENT  METHODOLOGIES 


INPUT 


Exhibit  II-2  lists  the  traditional  payment  systems  reviewed  in  this  report 
and  summarizes  their  outlook. 


Exhibit  11-2 

Outlook  for  Traditional  Payment  Systems 

Payment  System 

Outlook 

Cash 

•  Will  decline  in  use,  particularly  small-denomination  coins 

•  Debit  and  credit  cards  will  be  the  main  alternatives 

•  If  cash  declines  significantly,  central  banks  will  be  at  risk  of  losing  interest  and 
therefore  will  want  to  be  involved  in  issuing  digital  currencies  long  term  -  this 
will  counteract  technology  providers'  tendency  to  develop  global  currencies 

Checks 

•  Check  truncation  with  image  scanning  at  point  of  capture  will  take  advantage  of 
existing  systems 

•  Paper  checks  will  always  be  used  for  some  transactions,  but  a  decline  in  their 
use  can  be  expected  toward  the  end  of  the  20th  century 

EFT  or  ACH  Transfers 

•    CheckFree,  the  Quicken  Financial  Network,  and  other  services  that  enable 
consumers  and  businesses  to  pay  checks  electronically  will  compete  with 
Internet  payment  schemes 

ATM  Machines 

•  More  global  connections  via  Cirrus,  Plus,  Link,  and  other  networks 

•  Mainly  used  by  consumers,  more  intelligent  ATMs  that  provide  other  services, 
like  smart  card  replenishment,  are  being  designed 

•  May  be  adapted  to  supply  other  goods,  i.e.,  airline  tickets,  stamps 

Credit,  Debit  and  Cash 
Cards 

•  Mondex  is  a  promising  smart  card  scheme  for  both  storefront  and  Internet 
purchases 

•  Visa  Cash  and  similar  credit  card  company  schemes  will  likely  be  successful 

Trade  Credit 

•    Will  continue,  because  practices  to  support  it  are  widely  implemented 

Source:  INPUT 

Exhibit  II-3  lists  the  major  emerging  payment  systems  reviewed  in  this 
report  and  summarizes  their  outlook. 
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Exhibit  11-3 

Outlook  for  Emerging  Payment  Systems 


Payment  System 

Outlook 

CyberCash  Cards  and 

uUII  1 

•  CyberCash  will  move  to  SET  standards  as  they  evolve  and  is  likely  to  be  a  major 

navmpnt  t!\/<;tpm<;  \/pnrlnr 

•  Its  coin  scheme  is  subject  to  considerable  competition  and  its  future  is  less 
clear. 

DigiCash  ECash 

•  ECash  is  likely  to  be  a  niche  product  that  is  used  by  small  businesses  that 
cannot  obtain  credit  card  processing,  although  over  time  they  are  expected  to 
have  agreements  with  service  bureaus  and  banks  to  undertake  their  payment 
processing. 

•  It  lark<5  thp  c;iinnnrt  of  hin  hn^inpc;^  to  hp  a  ^prion*?  thrpat  to  national  pi  irrpnHpi 

FSTC  E-Check 

•  After  a  somewhat  shaky  start,  the  pilot  was  demonstrated  in  September  1 996.  A 
full  pilot  trial  is  expected  by  early  1997. 

•  Skepticism  surrounds  E-Check  because  it  automates  the  paper  process  and 
seems  cumbersome  to  credit  card  processors  who  have  overcome  many  of  the 
problems  that  the  FSTC  is  trying  to  solve. 

•  This  is  likely  to  merge  with  other  schemes  for  digital  payment  as  they  are 
adopted  and  clear  winners  emerge. 

Pirct  \/irti  lal 

ill  ol  V  II  LUdl 

m       F-irct  \/i r*t 1 1 o I  hac  an  innri\/£iti\/o  c\/ctom  that  onahloc  morphantc  \r\  or^orit  r>rc±r\\i 
9        rilol  VlllUdl  lido  dl  I  II  M  HJvdll  Vt;  oyololll  U  Idl  d  IdUIco  I 1  ItJlOI  Idi  ILo  LU  dUUcfJl  UltJUIL 

card  payment  even  when  they  may  not  qualify  to  accept  credit  card  payments. 

•  This  system  mainly  supports  small  businesses. 

•  First  Virtual  keeps  its  credit  card  numbers  off  the  net  for  security,  but  this  makes 
the  processing  more  labor  intensive  than  some  of  the  other  schemes. 

•  As  standards  emerge,  First  Virtual  may  need  to  become  a  payment  processor 
for  other  schemes,  as  it  is  unlikely  that  its  processes  will  survive  in  the  face  of 
competition  from  Mondex,  Visa,  and  others. 

Mondex  and  Visa  Cash 
Cards 

•     Mondex  is  a  promising  smart  card  scheme,  initiated  by  National  Westminster 
Bank  in  the  U.K.,  for  both  storefront  and  Internet  purchases.  Mondex  has  global 
partners  and  a  strong  awareness  of  the  entire  payment  processing  environment, 
including  government  regulations,  that  a  smaller  vendor  cannot  match. 

SET  Credit  Card 
Processing 

•    Widespread  vendor  support  and  the  popularity  of  credit  card  payment  for 
Internet  transactions  make  this  a  promising  approach.  For  all  except  the 
smallest  items  it  is  likely  to  be  the  primary  means  of  purchasing  goods  on  the 
Internet. 

SSL  Netscape 

•  This  is  a  simple  standard  for  securing  a  Web  server,  not  a  complete  payment 
methodology. 

•  It  has  been  a  quick  fix  for  Web  merchants,  but  is  likely  to  be  integrated  into  more 
sophisticated  systems  that  use  SET. 

Source:  INPUT 
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2.        Five-Year  Outlook 

a)  1996-Year  of  Internet  Prototype  Commerce 

•  SSL-enabled  commerce  Web  servers  for  simple  credit  card  encryption 

•  CyberCash  and  SET  implementations  start  to  be  available 

•  Web  use  is  mainly  for  promotion,  with  some  order  taking 

b)  1997 -Commerce  Pilots  Move  to  Significant  Systems 

•  Web  ordering  takes  off,  many  more  commerce-enabled  Web  servers 

•  Digital  signatures  start  to  be  used  and  become  a  status  symbol 

•  Wide  availability  of  SET  systems,  software  and  services 

•  Internet  wallet  standard  emerges 

•  New  regulations  for  E-Check  and  stored  value  cards 

•  E-Check  and  check  truncation  FSTC  projects  continue 

•  Micropayment  cards  see  success  in  new  market  niches 

•  Network  computers  for  the  Internet  provide  more  low-cost  access, 
widening  the  potential  market  for  goods  sold  over  the  Internet 

•  Explosion  of  Web  catalogs,  especially  for  industrial  products 

•  Digital  certificates  foster  exchange  of  bills,  invoices,  and  POs  over  the 
Internet 

•  Internet  backbone  gets  upgraded  to  layered  network  offering  different 
classes  of  service  for  different  service  fees,  IPv6  increasing  number  of 
addressable  nodes 

c)  1998 1 1999-Year  of  the  Smart  Card 

•  Micropayment  schemes  shake  out,  difficult  times  for  vendors  like 
CyberCash  and  DigiCash  if  they  fail  to  adopt  standards 

•  Visa,  MasterCard,  Europay  roll  out  microprocessor  card  "wallets" 

•  Signed  E-Checks  complement  the  exchange  of  POs  over  the  Internet,  but 
acceptance  rate  is  slow,  given  competition  from  Visa  and  others 

•  Internet  bill  presentment  deployed 
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d)        2000/2001-Market  Maturity  Begins 

•  Banks  provide  Internet  business  services 

•  Business  accounting  software  incorporates  modules  for  paying  and  billing 
over  the  Internet 

•  Value  of  goods  and  services  traded  over  the  Internet  reaches  $165  billion 
in  2000  and  $600  billion  in  2001 

3.        Payment  Methodology  Positioning 

Exhibit  II-4  positions  payment  processing  methods  regarding  acceptance  and 
major  users.  Trade  credit  is  the  established  method  for  business-to-business 
transactions,  whether  via  purchase  order  (PO),  bartering,  or  letter  of  credit. 
Credit  cards  are  accepted  in  most  countries  of  the  world,  although  they  are 
more  extensively  used  in  the  U.S.  Until  recently,  when  purchasing  cards 
were  issued,  credit  cards  were  primarily  used  by  consumers  and  for  travel 
and  entertainment  (T&E)  in  business.  Increasingly  they  will  be  used  by 
businesses  for  purchasing  small  items  and  for  Web  transactions.  The  SET 
Internet  payment  scheme  endorsed  by  Visa,  MasterCard,  Microsoft, 
VeriFone  and  others  will  be  globally  endorsed  as  it  rolls  out  in  products  and 
services. 


Exhibit  11-4 


Payment  Processing  Method  Positioning 


Globa  I  Acceptance 


Na tional  Acceptance 


Niche  Acceptance 


Emerging 


Trade  Credit 


Credit  Cards 


Check 


SSL  Netscape 
For  Web  Servers 


EFT 


ATM  Machines 


Cash 


Debit  Cards 


Cash  Cards  -  Mondex,  Visa 


SET  Internet  Credit  Card 


CyberCash  Coin 


FSTC  E-Check 


First  Virtual 


DigiCash  ECash 


Mainly  Business 


Both  Business  and  Consumer 


Mainly  Consumer 
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Conclusions 


•  Digital  currencies  are  still  in  their  infancy  and  no  clear  digital  cash 
winner  has  yet  emerged. 

•  Credit  cards  and  the  SET  standards  offer  promise  as  an  Internet 
payment  method  that  is  likely  to  succeed  rapidly. 

•  Merchants  are  sensitive  to  costs.  If  a  scheme  has  high  costs,  like  credit 
card  processing,  then  it  must  offer  additional  benefits  such  as  superior 
reporting. 

•  Fast  processing  gives  a  methodology  a  competitive  advantage,  but  bear  in 
mind  that  merchants  may  want  some  time  to  pay  bills.  One  way  to 
address  this  is  to  waive  transaction  charges  for  certain  classes  of 
electronic  transactions  to  encourage  faster  payment,  just  as  POs  offer 
advantageous  terms  for  early  payment. 

•  Excellent  customer  relationships  will  increasingly  differentiate  payment 
processors  and  service  providers. 

•  Network  and  Internet  technology  is  sometimes  hard  to  implement 
reliably.  Systems  must  be  set  up  that  make  it  easy  for  customers  to  link 
to  other  systems. 

•  Use  of  widely  accepted  standards,  such  as  SET,  are  essentials  for  any 
transaction  processor. 

•  Transaction  processing  can  be  differentiated  by  bundling  marketing  data 
with  an  aggregate  transaction  report.  Service  providers  need  to 
understand  how  they  can  expand  data  capture  and  data  aggregation 
processes  to  offer  added  value. 


•  Watch  emerging  smart  card  standards  carefully;  don't  go  it  alone.  Ensure 
that  other  merchants  in  your  market  or  region  are  using  the  same 
technology. 

•  Invest  in  multipurpose  equipment. 


E 


Recommendations 


1. 


Recommendations  for  Merchants 
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•  Offer  your  goods  and  services  on  the  Web. 

•  Consider  using  a  service  provider,  bank,  or  payment  processor  to  handle 
Internet  Web  commerce  functions. 

2.  Recommendations  for  Non-storefront  Businesses 

•  Evaluate  where  purchasing  cards  can  best  be  used. 

•  Consider  using  the  Internet  for  purchasing,  if  it  is  not  already. 

•  Offer  employees  guidelines  for  paying  for  goods  and  services  purchased 
from  Web  servers. 

•  Consider  the  level  of  data  aggregation  and  marketing  information 
required  when  choosing  new  payment  schemes. 

3.  Recommendations  for  Banks 

•  Consider  offering  a  pilot  smart  card  project  in  an  entire  town  to  establish 
merchant  relationships. 

•  Offer  Web  merchant  services  and  support,  either  directly  or  via  third 
parties,  to  merchants  with  whom  you  have  credit  card  or  banking 
relationships. 

•  Explore  check  processing  and  consider  how  back-end  systems  can  be 
made  to  handle  Internet  payment  systems.  Retrofitting  old  systems  may 
not  be  the  easiest  migration;  it  may  be  easier  to  consider  alternative 
processes. 

•  Team  up  with  recognized  Certificate  Authorities  and  promote  the  use  of 
digital  signatures  for  other  businesses,  such  as  loans. 

•  Offer  services  that  help  merchants  and  businesses  pay  consumers 
electronically. 

4.  Recommendations  for  Payment  Product  and  Services  Vendors 

•  Offer  Internet  services  to  existing  customers,  or  risk  losing  their  entire 
payment  processing  business  to  a  competitor  who  can  provide  Internet 
services. 

Consider  how  financial  check  paying  networks  will  interface  with  Internet 
payment  systems. 
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Established  Payment  Methods 


This  chapter  discusses  how  traditional  payment  systems,  i.e.,  cash,  checks, 
electronic  funds  transfers,  automatic  teller  machines,  credit/debit/cash  cards, 
and  trade  credit  will  fare  as  newer  payment  methodologies  are  introduced. 


Current  Payment  Methods 

In  the  U.S.,  about  20  billion  payment  transactions  annually  are  by  check,  15 
billion  transactions  are  by  credit  card  and  eight  billion  transactions  are  by 
automatic  teller  machine.  The  type  of  payment  method  used  varies  according 
to  the  type  of  transaction: 

•  Consumer  to  business 

•  Business  to  consumer 

•  Business  to  business 

•  Consumer  to  consumer 

Exhibit  III-l  shows  the  major  payment  methods  used  by: 

•  Retailers 

•  Large  consumer  billers  (such  as  utilities  and  telephone  companies) 

•  Businesses  to  pay  other  businesses 
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Exhibit  111-1 

Current  Use  of  Payment  Methods 


Payment  Method 

Retailers 

Large  Consumer 
Billers 

Consumer  to 
Business 

Business  to 
Business 

Cash 

20 

80 

Checks 

50 

10 

Credit  Card 

26 

5 

1 

Debit  Card 

4 

5 

PO,  Trade  Check, 
Credit 

90 

(may  incl.  check) 

EFT 

5 

Other 

4 

Source:  INPUT 


Businesses  like  checks;  retailers  accept  a  wide  range  of  payments;  and 
consumers  prefer  to  pay  in  cash.  Checks  and  credit  cards  compete  for  both 
hard  goods  and  soft  goods  purchases  at  department  stores,  superstores,  and 
boutiques.  Credit  cards  dominate  mail  order/telephone  order  (MOTO) 
retailers.  ATM  cards  are  popular  in  supermarkets,  convenience  stores  and 
gas  stations.  Credit  card  networks  issue  debit  cards  that  look  like  a  credit 
card  to  a  merchant  and  look  like  an  ATM  card  to  a  consumer,  except  they 
don't  have  a  PIN.  Retailers  already  handle  30%  of  their  transactions  using 
either  debit  or  credit  cards-a  relatively  high  percentage  of  electronic 
processing,  compared  with  other  business  segments. 

Big  billers  like  mortgage  companies,  utilities,  phone  companies,  insurance 
companies,  and  credit  card  issuing  banks  use  lockbox  services  to  process 
payments  from  consumers,  usually  by  check  or  by  a  draft  issued  through  a 
service  like  CheckFree.  Increasingly,  direct  payments  are  made,  but 
storefront  sites  to  accept  bills  are  still  common  for  consumers  who  want  to 
pay  in  person.  Returned  checks  are  forcing  some  of  these  billers  to  accept 
credit  card  payment,  despite  2-5%  processing  fees.  Only  about  10%  of  these 
consumer-to-business  payments  are  electronic. 

Business-to-business  trade  is  still  firmly  tied  to  POs.  EDI  has  been  a  failure 
if  judged  by  the  number  of  businesses  that  accept  it:  about  40,000  in  the 
U.S.  Slow  payments  and  check  are  the  norm  for  business-to-business 
payments  and  companies  like  to  use  the  float.  Purchasing  card  programs  are 
rapidly  being  accepted  and  their  use  is  likely  to  increase  in  this  segment  as 
purchase  orders  are  replaced  by  electronic  transactions,  such  as  ordering 
from  an  industrial  catalog  over  the  Internet  and  paying  by  credit  card. 
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B  

Cash 

1.  Background 

Cash  is  a  widely  used  national  phenomenon,  with  each  country  having  its 
own  currency.  Holders  of  cash  must  keep  their  own  transaction  records. 
Software  products  like  Quicken  help  keep  track  of  transactions,  but  in 
general,  businesses  handle  cash  by  setting  aside  a  petty  cash  box  for  small 
purchases.  In  the  commercial  arena,  cash  registers  and  POS  terminals 
capture  cash  transactions  for  merchants.  Some  banks  refuse  to  handle  small 
cash  deposits  unless  the  currency  is  packaged  in  rolls,  as  the  processing  cost 
is  too  high. 

2.  Benefits 

The  main  benefits  of  cash  are  that: 

•  It  is  universally  accepted 

•  It  represents  a  real  store  of  value 

•  Transactions  can  be  made  anonymously  in  a  retail  outlet 

•  The  origin  of  stolen  cash  cannot  easily  be  traced 

3.  Pitfalls 

Cash  has  many  problems  associated  with  it,  which  is  why  alternatives  like 
checks  and  credit  cards  are  so  popular: 

•  By  holding  cash  and  not  investing  it,  there  is  a  cost  to  the  holder  at  least 
equal  to  the  minimum  interest  rate 

•  Cash  tends  to  be  heavy  and  not  easily  transportable — it  is  not  practical  to 
send  it  by  mail 

•  The  risk  of  theft,  errors  in  records,  or  loss  is  high: 

-  Slippage  (thefts  or  errors)  may  be  as  high  as  4% 

•  Supporting  cash  processing  is  expensive  for  a  merchant: 

-  Armored  vehicles  may  be  required  to  transport  it 

-  Someone  or  a  machine  has  to  count  it 
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-  Small  change  is  inconvenient  and  expensive  to  handle 

-  Point-of-sale  equipment  has  increased  in  cost  as  it  becomes  more 
automated 

•    Taxpayers  are  penalized  by  the  cost  of  minting,  processing,  and 
destroying  currency 

4.        State  of  the  Art 

Singapore  aims  to  replace  cash  transactions  in  the  next  ten  years.  Countries 
continually  replace  low-denomination  coins  with  those  of  higher  value.  They 
replace  coins  with  paper  as  inflation  makes  coins'  metal  content  worth  more 
than  their  trading  value. 

It  is  unlikely  that  cash  will  disappear  in  retailing  and  in  consumer-to- 
consumer  transactions,  as  many  merchants  will  remain  relatively 
unautomated.  However,  vendors  building  a  new  business  on  processing  cash 
would  be  advised  to  look  elsewhere  for  growth  opportunities,  as  cash  use  is 
likely  to  decline. 


Checks  represent  funds  available  in  the  payor's  bank  account.  They  are 
forms  that  promise  to  pay  at  a  later  date.  For  many  centuries  they  were  used 
by  the  elite  and  only  in  the  1920s  did  they  start  to  be  widely  accepted.  After 
World  War  II,  check  popularity  thrived  in  North  America,  but  for  paying 
utility  bills  and  regular  items,  GIRO  and  direct  payment  became  more 
popular  in  Europe.  The  latter  two  methods  have  the  aim  of  keeping  paper  out 
of  the  clearing  system. 

2.  Benefits 

Checks  are  widely  used  because: 

•  Users  find  them  easy  to  fill  out 

•  They  can  be  mailed 

•  They  reduce  the  likelihood  of  theft 

•  They  provide  proof  of  payment,  particularly  in  the  U.S.  where  the  IRS 
and  others  consider  checks  a  record  of  payments  made 
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•  They  frequently  can  be  processed  outside  the  country  of  origin,  albeit  for 
a  fee 

•  Virtually  anyone  can  cash  them,  given  enough  time  for  funds  to  be 
released 

3.  Pitfalls 

Checks  are: 

•  Expensive  to  process 

•  Subject  to  fraud — Check  fraud  is  on  the  increase  and  counterfeit 
measures  offer  new  opportunities  for  systems  suppliers 

•  Nonuniform  in  size — Whereas  consumer  checks  are  standardized, 
business  checks  come  in  many  sizes,  causing  problems  for  sorting 
machines 

Bank  statements  showing  check  payments  and  receipts  are  woefully 
inadequate  compared  with  credit  card  statements.  It  is  rare  for  a  bank  to  list 
the  payee  on  a  statement;  usually  the  check  number  will  suffice  to  record  a 
transaction. 

Checks  persist  in  being  difficult  paper  items  to  process  because: 

•  Regulations  and  custom  make  signed  documents  a  necessity  for  some 
transactions 

•  Banking  laws  have  impeded  innovation 

•  A  large  investment  in  people  and  processes  has  already  been  made  in 
check  processing;  it  is  hard  to  make  major  process  redesigns  when 
corporate  empires  are  at  stake 

4.  State  of  the  Art 

About  29%  of  U.S.  payment  transactions  are  by  check.  About  60  billion 
checks  are  written  annually  in  the  U.S.  and,  according  to  industry  sources, 
about  20  million  are  written  by  businesses.  The  average  cost  to  process  a 
check  is  at  least  50  cents  (George  Kaufman,  U.S.  Financial  System,  Prentice- 
Hall  1991). 

A  tremendous  industry  has  grown  up  around  check  processing,  with  federal 
regulations  in  the  United  States  governing  the  time  a  bank  has  to  process  a 
check.  The  Federal  Reserve  Bank  clears  about  40%  of  the  U.S.'s  checks  and 
charters  planes,  helicopters,  trucks,  and  couriers  to  meet  its  nightly 
deadlines.  Sorting,  filing,  and  returning  checks  has  led  to  tremendous 
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opportunities  for  systems  vendors,  primarily  IBM,  Unisys,  and  NCR.  Niche 
vendors,  like  BancTec,  have  also  emerged. 

Increasingly,  banks  truncate  checks-that  is,  they  do  not  send  them  back  to 
the  customer.  This  means  that  they  do  not  have  to  handle  paper  throughout 
the  system  and  can  rely  on  microfilm  or  images  if  the  payor  needs  a  check 
copy  at  a  later  date. 

There  are  two  aspects  to  printing  checks  with  a  laser  printer:  one  is  printing 
the  check  with  magnetic  toner  to  fill  in  the  account  information;  the  other  is 
to  fill  in  the  payee,  amount,  and  date,  which  should  not  use  magnetic  toner. 
Magnetic  toner  may  confuse  check  sorting  systems  and  laser-printed  account 
numbers  at  the  bottom  of  the  check  (in  the  MICR  line)  may  wear  off  before 
they  have  completed  their  passage  through  the  check  processing  system. 
However,  encoding  the  amount  on  the  bottom  line  of  a  check  can  save  a 
proofing  step  in  a  bank's  check  processing  operations,  where  operators  with 
character  recognition  machines  automatically  enter  or  type  in  the  amount  so 
that  it  can  be  read  by  a  machine  in  subsequent  sorting  operations.  Checks 
may  be  sorted  over  10  times,  but  the  average  is  somewhere  between  five  and 
seven  sorts  per  check. 

CheckFree,  a  service  that  enables  customers  to  pay  bills  electronically  from 
software  such  as  Intuit's  Quicken,  is  not  really  check  free.  In  some  cases, 
CheckFree  makes  an  electronic  payment,  but  more  commonly  it  prints  its 
own  paper  unsigned  drafts  and  passes  them  through  the  system,  exposing 
CheckFree  to  more  risk  than  that  normally  assumed  by  banks.  However,  it 
does  relieve  the  user  of  having  to  put  stamps  on  envelopes  and  handle  paper. 

INPUT'S  research  found  that  many  businesses,  particularly  large  ones,  pay 
their  bills  and  receive  payments  automatically,  creating  their  own  virtual 
checking  system.  They  may  send  their  accounts  payable  file  to  a  bank,  where 
the  bank  takes  over  bill  paying.  For  incoming  checks,  many  businesses  use 
bank  or  payment  processing  services.  The  bank  can  then  transmit  data  on 
magnetic  tape  or  over  a  network  that  can  be  put  into  the  accounts  receivable 
system. 


Electronic  funds  transfer  (EFT)  payments  are  transfers  of  data  that  move 
funds  from  one  place  to  another  without  paper.  Financial  EDI  (FEDI)  is  the 
final  process  in  ordering  goods  using  EDI  that  pays  the  bill  electronically. 
Automated  Clearing  Houses  (ACHs)  form  an  electronic  funds  transfer 
network  that  conforms  to  NACHA  (National  ACH  Association)  standards. 
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The  ACH  is  used  for  direct  deposit  into  a  bank  account  of  wages,  salaries, 
and  social  security  payments.  It  is  used  to  pay  mortgages,  utility  bills, 
membership  fees,  subscriptions,  and  for  many  other  transactions,  including 
FEDI. 

In  1995,  the  ACH  Network  processed  nearly  3.5  billion  items.  It  has  grown  at 
about  14%  annually  for  the  last  four  years,  with  a  total  value  of  more  than 
$11  trillion.  Currently,  an  estimated  90%  of  all  ACH  transactions  are 
consumer  transactions.  In  1992,  ACH  transactions  were  4%  of  the  number  of 
checks  and  12%  of  the  value  in  the  U.S.  (Source:  J.  K.  Dietrich,  Financial 
Services  and  Financial  Institutions). 

2.  Benefits 

By  value,  as  many  as  half  of  all  corporate  payments  are  already  made  by 
some  electronic  process,  such  as  EFT,  FEDI,  or  a  purchasing  card.  Much  of 
this  is  payroll  processing  which,  for  most  corporations,  is  the  biggest  cost. 
This  study  found  that  only  about  5%  of  transactions  are  made  electronically. 

The  main  benefits  of  EFT  are: 

•  Paperless  processing  inside  the  system,  saving  processing  time  and  costs 

•  Widely  accepted  standards  for  certain  applications-payroll  processing, 
benefits  transfer,  medical  claims  processing,  and  regular  bill  payments 

ACH  networks  work  directly  with  bank  accounts,  thereby  enabling 
connections  to  many  different  types  of  customers,  consumers,  and  large  and 
small  businesses. 

3.  Pitfalls 

•  Interfaces  directly  into  ACH  networks  are  not  readily  available  for  small 
businesses,  unless  they  use  a  financial  processing  service.  It  is  therefore 
more  suitable  for  repeated  transactions  than  for  one-off  payments. 

•  It  is  up  to  the  user  to  keep  detailed  reports  on  transactions. 

4.  State  of  the  Art 

EFT  is  a  less  costly  process  than  transferring  a  paper  check,  or  even  a  check 
image,  between  banks.  ACH  networks  are  increasingly  being  used  as  the 
back  end  to  many  different  payment  systems.  For  example,  FSTC's  E-Check 
demonstration  used  ACH  processing  at  the  final  step. 
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Services  like  CheckFree  will  increasingly  use  ACH  networks  instead  of 
creating  paper  drafts,  as  digital  certificates  become  more  widely  accepted. 
ACH  networks  are  in  a  strong  position  to  process  digital  cash  because  they 
interface  directly  to  bank  accounts. 


Consumer  Automatic  Teller  Machines 


1.  Background 

Automatic  teller  machines  (ATMs),  as  their  name  suggests,  are  designed  to 
reduce  the  costs  associated  with  having  bank  tellers.  About  70%  of  ATM 
visits  are  for  cash  withdrawal.  A  consumer  uses  an  ATM  card  on  average 
10.6  times  per  month  and  85%  of  checking  account  users  use  ATM  machines 
at  least  once  per  month. 

Consumers  use  ATM  cards  at  POS  systems  less  than  three  times  per  month. 
They  prefer  to  use  ATM  cards  rather  than  credit  cards  for  essential  items, 
like  food,  so  as  to  avoid  going  into  debt. 

Automatic  teller  machines  are  interlinked  by  different  networks  such  as 
Cirrus,  Plus,  and  Link  (U.K.).  They  are  moving  from  their  traditional 
banking  locations  into  supermarkets,  business  complexes,  and  entertainment 
complexes. 

2.  Benefits 

•  ATMs  are  now  widely  located,  with  international  connections  available  in 
many  countries 

•  Merchants  typically  pay  lower  transaction  fees  on  debit  cards  than  on 
credit  cards 

3.  Pitfalls 

Some  of  the  disadvantages  of  ATMs  include: 

•  Fees  for  some  transactions  discourage  use 

•  There  are  limits  on  amount  that  can  be  obtained  from  a  machine 

•  The  consumer  must  find  a  machine;  the  money  cannot  be  obtained  from 
home 
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4.        State  of  the  Art 

Automatic  teller  machines  have  the  potential  to  dispense  not  just  cash,  but 
information,  stamps,  tickets,  and  coupons.  In  Swindon  (U.K.),  for  Mondex's 
cash  card  trial,  the  ATMs  were  used  to  fill  up  reloadable  cards.  Automatic 
teller  machines  may  also  dispense  cash  cards. 


Credit,  Debit,  and  Cash  Cards 

1.  Background 

Credit  cards  have  traditionally  been  used  for  travel  and  entertainment  in 
business.  Diner's  Club  had  the  first  general  travel  and  entertainment  card, 
with  a  high  membership  fee  and  a  6%  fee  for  merchants.  BankAmericard  was 
the  biggest  card  issuer  in  the  1960s  and  evolved  into  an  industry  association 
to  mutually  accept  cards  from  other  banks  that  became  Visa.  Visa  now 
operates  one  of  the  largest  ATM  networks  and  is  a  major  network  services 
provider.  According  to  the  Federal  Reserve,  80%  of  households  have  credit 
cards  and  66%  use  them  regularly.  Credit  card  processors,  like  First  Data 
and  NaBanco,  handle  70%  of  credit  card  processing  and  banks  the  remaining 
30%. 

VeriFone  (Redwood  City,  CA)  has  shipped  over  five  million  transaction 
verification  terminals  in  100  countries  and  had  1995  revenues  of  $387 
million.  It  recently  announced  a  venture  with  Microsoft  to  take  its  credit  card 
validation  software,  vPOS,  thus  advancing  Internet  commerce.  VeriFone  is 
the  leader  in  equipment  for  capturing  credit  card  information. 

Credit  card  limits  were  often  too  small  for  major  corporate  purchases,  the 
transaction  fees  inappropriate,  and  handling  multiple  users  of  a  card  was 
hard.  Visa  and  MasterCard  recognize  the  limitations  of  credit  cards  for 
business  use.  Following  American  Express's  successful  program  for  corporate 
credit  cards,  they  have  both  jumped  into  this  market.  Purchasing  cards  are 
designed  for  corporations.  According  to  Visa  in  1996,  Visa,  MasterCard, 
American  Express,  and  Discover  cards  were  used  to  purchase  $737  billion 
worth  of  goods  and  services  in  the  U.S.  and  $1,485  billion  worldwide. 
Purchasing  card  holders  can  obtain  monthly  statements  electronically  on 
disk  or  tape.  Reports  can  contain  three  levels  of  information,  depending  on 
the  data  captured  by  the  POS  system: 

•  Level  1-date,  merchant,  location,  total 

•  Level  2-as  above  plus  item  detail  and  sales  tax 

•  Level  3-as  above  plus  user  specific  codes  for  special  projects,  item  groups 
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INPUT  believes  that  approximately  half  of  the  consumers  with  credit  cards 
would  like  this  type  of  reporting.  With  software  such  as  Quicken,  consumers 
are  increasingly  analyzing  their  expenditures  more  closely. 

Debit  cards  have  been  issued  by  Visa  and  MasterCard  member  banks  to 
appeal  to  the  merchant  who  wants  lower  fees  as  well  as  the  consumer  who 
does  not  want  to  exceed  his  credit  limit.  Debit  card  payments  are  settled  at 
the  end  of  the  day,  when  cash  is  taken  from  the  owner's  bank  to  pay  off 
transactions.  With  a  secured  credit  card,  the  consumer  maintains  a  cash 
balance  to  cover  the  payments  in  another  account-useful  for  consumers  with 
poor  credit  ratings  who  may  not  otherwise  get  a  card.  Neither  debit  cards  nor 
secured  credit  cards  are  personal  identification  number  (PIN)  protected. 

Visa  Cash  cards  were  introduced  at  the  1996  Atlanta  Olympic  Games  to  pay 
for  small  cash  items.  They  store  local  currency-for  example,  in  the  U.S.  in 
$10  amounts.  Cards  may  be  for  one-time  use  or  they  may  be  reloadable  at  an 
ATM.  Visa  reports  that  in  1994,  consumers  worldwide  spent  approximately 
$8.1  trillion  in  cash  purchases.  Twenty-two  percent  of  that  amount,  or  $1.8 
trillion,  represents  purchases  of  $10  or  less,  hence  the  attraction  of  cards 
that  can  handle  small  amounts  without  the  need  for  post-payment 
processing.  Consumers  are  attracted  to  cash  cards  for  their  convenience; 
merchants  are  attracted  because  they  do  not  have  the  transaction  processing 
validation  and  post-payment  processing  requirements  associated  with  credit 
cards. 

2.  Benefits 

Consumers  see  the  benefits  of  credit  cards  as: 

•  Less  cumbersome  than  checks 

•  Providing  detailed  statements  listing  place,  time,  and  amount  of  each 
purchase 

•  Delaying  payment  and  improving  cash  flow  at  no  cost  if  the  bill  is  paid  on 
time 

•  A  credit  line,  if  needed 

•  Limiting  losses  to  a  $50  maximum  if  a  lost  or  stolen  card  is  reported 
within  48  hours 

•  Allowing  disputed  or  erroneous  card  charges  to  be  left  unpaid  if  identified 
within  30  days 
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Merchants  view  credit  cards  as  a  way  to  expand  their  market  and  assure 
that  the  payor  has  funds.  By  verifying  the  card  transaction,  merchants  are 
spared  the  inconvenience  of  chasing  bad  debts. 

Issuers  see  the  benefits  of  credit  cards  as: 

•  Providing  extensive  databases,  which  in  the  U.S.  may  be  used  for 
targeted  marketing 

•  Generating  lucrative  interest  payments,  higher  than  normally  offered  by 
a  bank  loan 

3.  Pitfalls 

Even  as  recently  as  1995,  merchants  selling  on  the  Internet  could  not  qualify 
for  the  most  expensive  mail  order/telephone  order  (MOTO)  fee  scale.  This 
was  the  impetus  behind  First  Virtual  obtaining  credit  card  merchant 
accounts  on  behalf  of  resellers.  Credit  card  companies  have  now  defined  SET 
standards  to  support  credit  card  processing  over  the  Internet. 

Users  are  concerned  that  credit  card  issuers  have  access  to  intimate 
purchase  details,  particularly  in  Europe,  where  in  some  countries  it  is  illegal 
to  use  credit  card  purchase  information  for  marketing. 

4.  State  of  the  Art 

Purchasing  cards  are  typically  used  for  MRO  (maintenance,  repair,  and 
office)  services  and  products.  The  added  value  is  that  the  card  processor  can 
produce  timely  and  accurate  reporting  to  the  corporate  card  holder. 

Credit  card  transactions  now  account  for  15%  of  consumer  purchases.  Over 
50%  of  users  do  not  use  their  credit  lines  and  pay  their  card  balances  on 
time. 

G  

Trade  Credit 

1.  Background 

Trade  credit  used  to  be  common  before  the  advent  of  credit  cards  in  the 
1960s,  with  layaway  plans  and  hire  purchase  agreements.  Department 
stores,  gasoline  companies,  and  grocery  stores  issued  their  own  cards.  All  but 
the  largest  merchants  have  seen  their  own  cards  fall  into  disuse.  In  some 
areas,  trade  credit  is  still  used,  not  only  by  retailers,  but  also  by  doctors, 
dentists,  and  tradespeople. 
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Business-to-business  commerce  still  relies  on  trade  credit.  For  example,  "2, 
10,  net  30  days"  gives  a  discount  of  2%  if  the  invoice  is  paid  in  10  days, 
otherwise  it  must  be  paid  in  30  days.  Purchase  orders  and  invoices  are  still 
the  norm  in  business  transactions,  extending  credit  until  the  bill  is  due. 

2.  Benefits 

Slow  payments  are  a  way  companies  can  improve  their  balance  sheets 
temporarily.  Any  new  mechanism  that  affects  cash  flow  adversely  may  meet 
with  resistance  in  businesses. 

Service  providers  generally  support  users  well  with  appropriate  software, 
systems  support,  and  interfaces  to  other  payment  systems. 

3.  Pitfalls 

Processing  a  purchase  order,  invoice,  and  shipping  receipt  is  estimated  to 
cost  from  $20  to  $80.  Tight  financial  controls  and  integrated  accounting 
systems  provide  high-quality  reports,  but  at  significant  cost. 

EDI  is  not  widely  accepted. 

Standards  for  different  paper  forms  abound.  In  addition,  there  are  U.S. 
standards  and  international  EDIFACT  standards. 

EDI  formats  are  data  processing-oriented,  with  fields  that  correspond  to 
paper  documents  such  as  purchase  orders. 

On  the  Web  it  is  not  clear  that  this  kind  of  interface  is  useful.  Users  may 
prefer  to  enter  full-text  comments,  send  their  digital  certificate  with  personal 
details,  and  order  by  checking  boxes  next  to  a  catalog  entry.  The  price  can  be 
kept  by  the  merchant  and  only  the  quantity  of  an  item  and  item 
identification  number  sent  across  a  network.  The  merchant  can  display  the 
price  to  the  user  on  a  Web  form  and  look  it  up  in  the  database  when  ordered. 

4.  State  of  the  Art 

EDI  is  used  by  about  40,000  companies  in  the  U.S.,  a  small  proportion  of  the 
total  number  of  firms.  It  is  best  for  regular  transactions  rather  than  casual 
purchases.  Web  purchasing  is  more  likely  to  be  used  for  "one-off'  purchases. 

Primary  commerce,  where  goods  are  used  in  the  production  of  a  company's 
products,  is  where  EDI  is  most  likely  to  be  used,  rather  than  in  secondary 
commerce  that  supports  the  administration  of  the  business. 
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Outsourcing  Data  Capture  and  Data  Aggregation 

INPUT  research  indicates  that  many  large  organizations  have  already 
outsourced  some  portion  of  their  data  capture  or  data  aggregation  associated 
with  payment  processes  to  financial  system  outsourcers  or  trading  partners. 
Examples  of  processes  that  are  outsourced  are: 

•  Credit  card  processing 

•  FEDI  (financial  EDI)  and  EDI 

•  Lockbox 

•  Payroll 

•  Billing 
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Emerging  Payment  Methods  and 
Vendors 


This  chapter  considers  a  few  of  the  leading  contenders  for  new  payment 
methods.  The  advantages  and  disadvantages  of  each  method  are  described, 
followed  by  an  analysis  of  the  likelihood  of  each  method's  market  acceptance. 


Why  Are  New  Payment  Methods  Needed? 

More  than  50  new  payment  methods  are  being  proposed  for  electronic 
payment.  Some  are  academic  pilots,  others  are  commercial  implementations. 
The  perceived  benefits  are: 

•  To  make  transactions  move  faster:  for  example,  smart  cards  make 
supermarket  queues  move  faster 

•  To  provide  alternative  payment  mechanisms  for  the  Internet  (credit  cards 
have  high  processing  fees  if  the  card  is  not  shown  or  the  transaction 
value  is  small) 

•  To  gather  more  information  about  customers 

•  To  aggregate  data  for  subsequent  analysis 

1.        Data  Capture 

Given  the  success  with  which  major  credit  card  issuers  like  AT&T  and 
Citibank  have  been  able  to  analyze  their  customers'  buying  habits,  there  is 
tremendous  interest  by  vendors  of  payment  methods  in  capturing  marketing 
information. 
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Valuable  information  about  a  purchaser  captured  by  a  payment  method  may 
be  used  for: 

•  Allocation  of  marketing  resources 

•  Changing  buying  behavior 

•  Forecasting  market  changes 

2.        Data  Aggregation 

Companies  like  Nielsen  and  Oracle,  with  its  Express  software,  analyze 
aggregate  data  so  that  customer  groups,  product  lines,  and  market  segments 
can  be  analyzed  from  payment  systems. 


CyberCash  (Reston,  VA)  was  founded  in  1994  by  VeriFone  founder  Bill 
Melton  and  InterOp  trade  show  founder  Dan  Lynch.  In  many  ways  its 
processes  mimic  those  used  for  credit  cards. 

In  1995  CyberCash  issued  the  CyberCash  Wallet  that  initially  supports 
credit  card  transactions.  RSA  768-bit  encryption,  exportable  with  up  to  1024- 
bit  keys  by  special  license  that  CyberCash  obtained  from  the  U.S. 
government,  is  used  to  encrypt  key  exchanges.  The  data  sent  from  the  wallet 
is  encrypted  using  56-bit  DES  encryption. 

a)        Credit  Card  Processing  for  Internet  Purchases 

The  main  steps  in  the  payment  transaction  process  using  CyberCash 

technology  are: 

1.  The  buyer  shops  by  browsing  Web  servers  and  choosing  goods.  Client 
sends  message  to  server  listing  goods  it  wants  to  purchase.  Server 
sends  message  summarizing  transaction  to  the  buyer.  Buyer  clicks  on 
"Pay"  button,  which  launches  a  CyberCash,  CheckFree,  CompuServe, 
or  AOL  wallet  and  chooses  a  credit  card  from  it. 

2.  Client  clicks  OK  to  forward  the  order  and  encrypted  payment 
information  to  the  server. 

3.  Merchant  responsible  for  server  separates  order  and  forwards 
payment  information  to  CyberCash  server  using  digital  signature  and 
private  key  encryption.  Merchant  never  sees  the  credit  card 
information. 


B 


CyberCash-Cards  and  Coins 


i. 


Process 
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4.  CyberCash  server  takes  the  credit  card  information  behind  its  firewall 
and  off  the  Internet.  It  unwraps  the  data  using  crypto  box  hardware 
(as  used  by  banks  between  ATM  networks),  reformats  the  transaction, 
and  forwards  it  to  the  merchant's  bank  over  dedicated  lines. 

5.  Merchant's  bank  verifies  the  transaction  with  the  credit  card 
company  for  approval  or  denial.  The  resulting  code  is  sent  to 
CyberCash. 

6.  Based  on  the  code,  CyberCash  passes  the  code  to  the  merchant  who 
then  passes  it  to  the  consumer. 

CyberCash  claims  the  entire  validation  process  takes  about  15-20  seconds, 
similar  to  getting  credit  card  validation  in  a  store. 

A  diagram  illustrating  this  process,  plus  additional  explanation,  is  available 
on  the  Web  at  http://www.cybercash.com/cybercash/info/sixsteps.html. 

b)        CyberCash  Coin  Processing 

CyberCash  is  expected  to  have  introduced  a  micropayment  electronic  coin 
based  payment  scheme  for  purchases  as  low  as  25  cents  by  the  end  of  1996. 
Consumers  will  be  able  to  fill  their  CyberCash  wallets  with  electronic  coins 
from  their  checking  account. 

To  fill  the  wallet,  the  consumer  asks  CyberCash  to  get  an  amount,  say  $100. 
The  next  day  this  is  sent  into  the  wallet,  having  been  cleared  via  ACH. 

The  coin  is  data  and  not  a  store  of  value.  CyberCash  will  track  each 
transaction,  as  it  did  not  see  the  market  demand  for  privacy. 

In  addition,  the  wallet  keeps  a  log  of  transactions  on  the  user's  local 
computer.  CyberCash  offers  data  capture  and  aggregation  on  both  the 
buyer's  computer  and  its  own. 

If  the  wallet  is  lost  or  damaged  on  the  buyer's  computer,  CyberCash  will 
have  a  transaction  record  that  can  be  used  to  restore  it.  CyberCash  is, 
potentially,  for  electronic  coins  in  the  position  that  American  Express  is  in 
for  Travelers'  Checks-that  is,  that  they  can  replaced  worldwide. 

This  scheme  is  not  private  like  Chaumian  ECash,  described  elsewhere  in  this 
report. 

2.        Typical  Merchant 

CyberCash  supports  a  number  of  diverse  industries.  CyberCash  has 
attracted  high-quality  firms  like  Novell,  Oracle,  and  Farallon  in  the  software 
industry. 
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It  has  agreements  with  trade  associations,  food  companies,  and  sports 
clothes  vendors. 

J.  D.  Power  and  Associates,  a  consumer  market  research  company,  and 
Virtual  Vineyards,  wine  merchants,  support  CyberCash  wallets. 

By  June  1996,  1,004  merchants  had  signed  with  CyberCash  for  credit  card 
processing,  of  which  128  were  live  ones  that  accept  wallets,  up  from  315 
(with  74  live)  on  March  31,  1996. 

Merchants  who  wish  to  support  CyberCash  must  first  sign  with  a  bank  or 
credit  card  processor  as  a  Credit  Card  Merchant  and  be  assigned  Merchant 
and  Terminal  ID  numbers. 

The  bank  will  supply  these  to  CyberCash  on  request.  The  merchants  install 
the  CashRegister  Secure  Merchant  Payment  System  (SMPS)  modules  that 
can  be  downloaded  from  the  CyberCash  Web  site. 

3.  Advantages 

CyberCash  wallet  technology  is  gaining  acceptance  from  companies  like 
CheckFree  and  AOL. 

The  wallet  provides  a  convenient  place  to  keep  track  of  digital  signatures, 
credit  cards,  E-Checks,  and  ECash. 

By  storing  personal  details  in  a  browser  or  wallet,  the  consumer  will  not 
repeatedly  be  asked  for  name,  address,  and  credit  card  information  at  each 
Web  site  visited.  This  should  make  Internet  shopping  more  attractive. 

Exportable  long  keys  mean  that  globally  standard  software  can  be  developed 
for  wallets.  Also,  the  technology  connects  to  over  80%  of  banks  in  the  U.S. 

Additional  benefits  are  tolerable  processing  times  of  20  seconds  for  the  buyer 
and  the  fact  that  the  merchant  does  not  see  the  buyer's  credit  card  number, 
thus  increasing  security. 

The  payment  processor  can  work  with  CyberCash's  servers  with  minimal 
investment  because  it  follows  credit  card  processing  standards. 

4.  Disadvantages 

Merchants  must  register  with  a  bank  or  credit  card  processor,  which  for 
small  merchants  may  be  a  disadvantage.  Merchants  must  also  have 
CyberCash  software  installed. 

There  is  a  per-transaction  fee  payable  to  CyberCash  by  payment  processors. 
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5.  Security 

CyberCash  offers  enhancements  over  SSL  security. 

It  solves  the  problems  of  false  charges  by  merchants  and  denial  of  charges  by 
consumers  (nonrepudiation). 

It  authenticates  digital  signatures,  protecting  both  buyer  and  seller. 

It  offers  banks  protection  against  security  flaws  at  merchants  who  may  have 
a  hacker  attack  or  dishonest  staff  that  steal  credit  card  numbers.  The 
merchant  never  sees  the  numbers  and  does  not  maintain  a  credit  card  file. 

The  SET  standard  offers  comparable  security. 

6.  Market  Acceptance 

CyberCash's  initial  credit  card  service  was  introduced  in  April  1995. 

Electronic  coin  services  will  be  available  late  1996  and  the  E-Check  services 
are  expected  in  1997. 

CyberCash  went  public  in  February  1996  and  revenues  for  the  first  half  of 
1996  were  $38  million. 

Transaction  processors  that  have  approved  CyberCash's  gateway  for  their 
banks  and  merchants  include: 

•  Global  Payment  Systems  (MAPP/NDC) 

•  Visa  (Vital) 

•  American  Express 

•  Wells  Fargo  Bank 

•  CheckFree 

•  First  Data  Corporation  (Envoy,  CES,  NaBANCO,  FDR) 

•  NOVA 

Wells  Fargo,  both  a  bank  and  a  processor,  has  been  signing  up  CyberCash 
Internet  merchants  since  the  beginning  of  1996. 

Most  banks  rely  on  nonbank  service  companies  to  process  credit  cards. 

Nonbanks,  led  by  First  Data  control  70%  of  the  transaction  processing 
market. 
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SET  standards  will  mean  that  CyberCash  can  support  any  compatible 
merchant  software. 

CyberCash  supports  leading  UNIX  and  Windows  NT  operating  systems. 
CyberCash's  development  partners  include: 

•  Digital  Equipment 

•  FTP  Software 

•  InterCon 

•  Netcom 

•  Open  Market 

•  Quarterdeck 

•  Sun  Microsystems 

CyberCash  has  made  its  wallet  available  not  only  to  service  providers,  but 
also  to  banks  for  private  labeling.  It  is  likely  to  be  bundled  with  browsers. 

In  1996,  CyberCash  expects  to  add  Internet  checks.  The  coin  and  check 
schemes  will  expand  CyberCash's  support  for  lower  end  merchants,  smaller 
transaction  amounts,  and  users  who  do  not  qualify  for  credit  cards. 

7.        INPUT  Assessment 

CyberCash  has  an  experienced  management  team  with  a  broad  range  of 
contacts  and  alliances.  The  company  is  a  pioneer  that  can  switch  its  product 
line  easily  to  accommodate  new  standards  and  software.  Its  processes  are 
proven,  as  they  resemble  those  for  traditional  credit  card  processing. 

CyberCash  is  an  emerging  player,  and  with  its  back-end  processing  software 
for  merchants,  has  considerable  opportunities  for  growth. 

CyberCash  has  been  involved  with  SET  design  and  is  modifying  its  products 
and  processes  to  support  SET. 

CyberCash  supports  Internet  credit  card  transactions. 

VeriFone's  vGate  will  enable  merchants  to  bypass  CyberCash  and  connect  to 
payment  processors  directly. 

CyberCash  has  established  solid  brand  name  identity  with  Web  software  and 
system  vendors. 
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Sun,  Digital  and  SCO  embed  CyberCash's  payment  modules  into  their  Web 
solutions. 

VeriFone  may  be  stronger  than  CyberCash  in  the  Windows  NT  market, 
because  of  a  development  agreement  with  Microsoft.  But  in  the  UNIX 
market,  CyberCash  has  the  lead. 

CyberCash's  lack  of  "on  the  street"  solutions,  where  VeriFone  is  strongest, 
may  prove  to  be  its  greatest  weakness. 

CyberCash's  plan  to  derive  revenues  from  payment  processors  on  a  per- 
transaction  basis  may  be  lucrative  in  the  short  term.  In  the  long  term  it 
remains  to  be  seen  whether  competition  will  enable  it  to  continue  to  charge 
for  its  secure  gateways. 

INPUT  believes  that  in  late  1996  and  early  1997,  the  CyberCash  Coin 
scheme  will  be  gradually  adopted.  If  it  proves  "safe,"  then  it  will  spread. 

Merchants  still  think  "credit  card"  when  considering  how  to  be  paid  over  the 
Internet.  Hence,  CyberCash  has  a  major  education  and  promotion  effort  to 
evangelize  the  use  of  its  coins. 

The  main  competitor  to  CyberCash  Coin  is  smart  cards,  where  some  banks 
believe  the  physical  ownership  of  a  card  by  a  buyer  makes  the  system  more 
reliable  and  secure. 

Much  depends  on  the  payment  technology  used  and  the  success  of  network 
computers. 

If  these  Internet  appliances  adopt  smart  card  technology,  then  CyberCash 
Coin  is  less  likely  to  succeed  in  the  long  term.  If,  however,  users  find  smart 
cards  cumbersome  and  prefer  digital  solutions  to  be  stored  in  their  computer, 
CyberCash  may  be  the  long-term  micropayment  leader. 

A  payment  scheme  that  works  both  on  and  off  the  net  will  be  the  long-term 
leader. 

Microsoft  intends  to  put  a  digital  wallet  in  its  Internet  Explorer  browser 
before  the  end  of  1996  and  by  1997  it  will  be  embedded  in  Windows. 

The  wallet  is  intended  to  secure  a  user's  personal  information,  certificates, 
passwords,  and  even  numbers  like  social  security  numbers. 

This  should  help  standardize  what  otherwise  would  be  a  plethora  of  wallets, 
some  of  which  can  be  downloaded  from  DigiCash,  VeriFone,  CyberCash, 
V-One,  and  others'  Web  sites. 
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c  

DigiCash  ECash 

1.  Process 

DigiCash  was  formed  in  1990  by  cryptographer  David  Chaum,  head  of  the 
University  of  Amsterdam  cryptography  department.  Research  funding  has 
been  obtained  from  the  Dutch  government  and  the  European  Community. 

DigiCash's  Chaumian  ECash  system  evolved  from  stored  value  cards  for 
paying  highway  toll  fees.  It  has  been  trialed  since  1994. 

CyberBucks,  pretend  money,  was  issued  to  users  who  downloaded  a  software 
wallet.  CyberBucks  paid  for  software,  clip  art  and  other  soft  goods  that 
would  normally  be  free.  Over  30,000  people  signed  up  for  the  trial.  A  year 
later,  the  Mark  Twain  Bank  of  St.  Louis,  MO  issued  ECash  coins  in  real  U.S. 
dollars  as  a  trial. 

The  Swedish  Post  Office  offers  ECash  coins  in  Swedish  kroners  (crowns). 
EUNet,  a  Finnish  bank,  also  offers  ECash  in  Finnish  marks. 

ECash  provides  buyer  anonymity  once  it  has  been  purchased  and  its  source 
cannot  be  traced. 

The  seller  does  not  have  anonymity,  for  once  ECash  is  received  it  must  be 
deposited  in  a  bank.  Hence,  Chaum  refers  to  his  technology  as  having 
"constrained  anonymity."  The  buyer  can  prove  who  the  seller  is  by  reference 
to  serial  numbers.  Consequently,  ECash  may  be  good  for  purchasers  of 
drugs,  but  it  is  not  good  for  paying  kidnap  ransoms!  Exhibit  IV- 1  provides 
the  workflow  diagram  for  ECash  processing  between  a  purchaser  and  a 
server. 


Exhibit  IV-1 

Payment  Process  for  Using  DigiCash  ECash 


Intitiate  Request 


Source:  INPUT 
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ECash  works  as  follows  when  there  is  no  firewall: 

•  Purchaser's  Web  browser  sends  a  request  to  merchant's  Web  server  to 
purchase  goods 

•  Merchant's  Web  server  asks  merchant  ECash  software  if  it  can  request 
payment,  merchant  ECash  software  sends  message  via  Web  server  back 
to  purchaser's  Web  browser 

•  Purchaser's  Web  browser  passes  request  for  ECash  to  purchaser's  ECash 
wallet  and  gets  cash 

•  ECash  is  sent  back  to  merchant  and  added  to  store  of  ECash  in 
merchant's  software 

•  Merchant  ECash  software  acknowledges  receipt  of  cash  and  transaction 
confirmation  is  sent  back  to  purchaser 

The  merchant  then  has  to  settle  with  the  bank  to  exchange  the  ECash  for 
real  currency.  The  method  has  to  be  modified  to  work  with  a  firewall.  It  does 
not  work  well  with  proxy  servers  at  present. 

In  the  case  of  Mark  Twain  Bank,  a  customer  has  to  maintain  a  conventional 
account  at  Mark  Twain  Bank  to  hold  real  currency  that  can  be  used  to  pay 
for  ECashSet-up  costs  are  $11  to  $25  for  a  purchaser  and  $150  to  $500  for  a 
merchant. 

2.  Advantages 

Anonymity  for  the  purchaser. 

Merchant  does  not  need  credit  card  account. 

There  is  no  per-transaction  fee;  however,  the  merchant  pays  2-3%  to  convert 
ECash  into  real  currency;  consumers  pay  between  nothing  and  $3  to  convert 
real  currency  from  a  checking  account  into  ECash;  and  consumers  moving 
ECash  into  the  checking  account  pay  4-5%  of  the  amount. 

Merchant  fees  include  technical  support  and  free  links  to  the  site  from 
DigiCash's  home  page. 

3.  Disadvantages 

Leading-edge  merchants  tend  to  use  credit  cards.  Not  many  merchants  are 
using  DigiCash's  ECash  at  this  time,  and  many  that  are,  are  offering  niche 
goods,  e.g.,  UNIX  software  for  Windows  '95. 

There  is  little  bank  support  for  ECash,  only  Mark  Twain  bank  in  the  U.S. 
and  EUNet  in  Finland. 
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ECash  does  not  work  well  with  firewalls  that  use  proxy  servers. 

It  can  only  be  used  for  a  single  transaction,  unlike  conventional  notes  and 
cash.  Each  transaction  must  be  validated  with  the  issuing  bank  to  make  sure 
the  cash  has  not  been  spent  before. 

There  is  no  automatic  data  capture,  a  user  must  set  this  up  for  himself. 
When  a  disk  crashes,  ECash  cannot  be  recovered. 

4.  Security 

To  avoid  spending  ECash  more  than  once,  it  is  tagged  with  a  number  that  is 
checked. 

When  a  merchant  is  offered  ECash  for  payment  of  goods,  its  validity  is  tested 
against  the  issuing  bank's  database. 

ECash  processes  may  also  be  used  on  a  card,  giving  more  security  than  that 
provided  by  keeping  the  keys  off  a  computer. 

As  a  software-only  solution,  the  safety  level  is  high  for  buyers,  sellers,  and 
the  issuing  bank. 

Sellers  would  be  wise  to  deposit  the  ECash  before  shipping  goods. 

If  the  seller  does  not  ship  the  goods,  the  buyer  can  prove  he  sent  the  ECash 
and  pursue  the  seller. 

5.  Market  Acceptance 

DigiCash  estimates  that  30,000  people  were  involved  in  its  trials  with 
pretend  currency  and  market  acceptance  was  reasonably  positive. 

However,  when  it  comes  to  real  payments,  the  banking  industry  is  not 
behind  DigiCash.  This  means  that  merchants  have  few  places  to  redeem 
their  ECash  for  real  currency. 

6.  INPUT  Assessment 

The  widely  held  perception  that  ECash  is  good  for  drug  money  laundering 
and  illegal  activities  is  likely  to  prove  false  because  of  the  lack  of  anonymity 
of  the  receiver  of  payment. 

DigiCash  has  produced  a  strong  research  effort  that  illustrates  flaws  in 
current  Internet  payment  processes. 

ECash  may  be  used  for  certain  low-volume  purchases,  but  more  widely 
accepted  standards  are  likely  to  prevail.  DigiCash  may  be  better  sticking 
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with  niche  markets,  as  it  has  done  successfully  with  toll  road  cards,  than 
trying  to  be  a  general-purpose  Internet  payment  solution. 

Competition  from  Visa,  MasterCard,  and  Mondex  is  likely  to  be  severe  in  the 
long  term,  as  they  are  better  funded  and  have  major  vendor  support  and 
global  connections. 


Financial  Services  Technology  Consortium-E-Check 

1.  Process 

Financial  Services  Technology  Consortium  (FSTC),  formed  in  September 
1993,  is  a  consortium  of  some  65  organizations  comprising  banks,  financial 
services  firms,  industry  partners,  national  laboratories,  universities,  and 
government  agencies. 

FSTC's  Electronic  Check  (E-Check)  is  an  on-line  payment  instrument  that  is 
settled  nightly.  It  is  a  method  to  improve  the  clearing  process  in  today's 
largely  paper-based  check  processing  system. 

Banks  are  afraid  that  consumers  may  desert  checking  accounts  in  favor  of 
money  market  and  other  accounts.  This  means  that  the  asset  base  from 
which  loans  are  made  may  shrink. 

In  an  attempt  to  encourage  the  use  of  bank  checking,  E-Checks  have  been 
designed  for  use  both  "on  the  street"  and  "on  the  net." 

Initial  pilots  use  a  PCMCIA  PC  card  that  can  be  inserted  into  a  standard  PC 
card  reader.  The  card,  not  the  PC,  holds  the  user's  personal  information. 
PCMCIA  was  chosen  because  it  is  a  widely  accepted  standard  and  supports 
more  data  storage  than  a  typical  smart  card. 

PCMCIA  cards  typically  cost  $20,  more  than  six  times  as  much  as  smart 
cards. 

At  a  POS  terminal,  a  PCMCIA  card  reader  processes  the  card.  This  is  more 
expensive  equipment  than  widely  installed  magnetic  stripe  card  readers. 
However,  notebook  and  personal  organizer  use  of  the  cards  is  expected  to 
make  prices  fall. 

The  E-Check  standards  will  not  preclude  the  use  of  smart  cards  for  widely 
deployed  systems.  Indeed,  E-Checks  are  designed  so  that  they  can  be  sent 
over  many  different  hardware  architectures  and  networks.  A  workflow 
diagram  for  FSTC's  E-Check  processing  can  be  seen  at  its  Web  site: 
www.fstc.org. 
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The  FSTC  views  E-Check  processing  as  similar  to  paper  check  processing. 
FSTC  would  batch  transactions  and  deliver  a  group  of  checks  to  a  bank  much 
as  it  does  now. 

Fees  may  be  on  a  per-deposit  basis  to  discourage  merchants  from  making 
many  small  deposits. 

The  recipient  of  a  check  can  verify  the  digital  signature,  as  paper  check 
signatures  are  verified  today. 

Optionally,  a  funds  verification  service  like  Telecheck  may  be  contacted.  It  is 
likely  that  many  recipients  will  skip  check  verification  and  charge  fees  for 
items  returned  due  to  insufficient  funds,  illegal  signatures,  or  other  causes  of 
check  rejection. 

E-Checks  will  dovetail  with  electronic  bill  presentment  (ebp),  which  large 
organizations  like  utilities  are  starting  to  consider.  A  consumer  would 
receive  an  e-bill,  complete  with  electronic  coupons,  literature,  or 
advertisements.  This  could  be  returned  for  payment  with  an  e-coupon  to 
which  the  E-Check  would  be  attached. 

Graphical  logos,  icons,  and  art,  similar  to  that  found  on  Web  pages,  could 
make  e-bills  attractive. 

For  business,  common  user  interfaces  could  be  designed  for  electronic  bill 
paying  and  existing  EDI  systems  to  simplify  user  training. 

For  EDI  transaction  payment,  the  E-Check  may  be  sent  over  an  existing 
VAN. 

As  in  paper  check  clearing,  the  bank  of  first  deposit  (BOFD)  will  endorse  the 
E-Check.  It  will  optionally  verify  the  signature  and  transmit  the  E-Check  for 
presentment  to  the  issuing  bank. 

As  in  paper  check  processing,  there  may  be  intermediaries  like  the  Federal 
Reserve,  third  party  payment  processors,  or  ACHs.  The  FTSC  hopes  the  E- 
Check  may  foster  new  interbank  payment  networks  such  as  BIPS  (formerly 
EPH),  another  FTSC  project. 

BIPS  would  provide  netting  and  clearing  between  two  BIPS-capable  banks 
and  also  interface  to  ACH  clearing  and  settlement  systems. 

E-Checks  are  attractive  to  check  processors  because  they  significantly  reduce 
payment  processing  costs;  paper  handling  costs  are  high. 
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Within  the  banking  system,  laws  will  have  to  be  changed  to  accept  a  digital 
signature  of  the  payee  and  permit  electronic  presentment  to  the  issuing 
bank. 

Just  as  Regulation  CC  governs  the  time  a  check  can  be  in  the  clearing 
system,  regulations  will  need  to  be  passed  for  E-Checks  to  ensure  that  banks 
do  not  hold  on  to  the  float  for  too  long. 

2.  Typical  Customer 

Although  paying  by  paper  check  is  common  in  business,  some  transactions 
will  be  undertaken  with  purchasing  cards,  and  some  could  move  to  E-Checks. 

Citibank  and  Bank  of  Boston  are  driving  the  effort. 

A  potential  customer  type  could  be  the  user  who  wants  to  carry  an  electronic 
wallet  instead  of  a  checkbook. 

3.  Security 

E-Checks  are  securely  encrypted  and  carried  mainly  on  private  banking 
networks.  Public  and  private  keys  are  kept  on  a  card  or  in  software. 

Signing,  verification,  and  hashing  functions  are  kept  in  a  protected 
processing  area  in  a  PCMCIA  implementation,  not  on  the  host  computer. 
This  may  be  more  secure  as  it  is  not  open  to  attacks  on  the  host. 

If  a  card  is  stolen,  it  could  be  used  fraudulently  if  the  correct  ID  information 
was  also  available  to  the  thief. 

4.  Advantages 

The  E -Check  enables  banks  to  use  their  existing  infrastructure  for  check 
processing  to  support  Internet  and  other  electronic  payments.  The  digital 
signature  offers  more  security  than  a  physical  signature  on  a  paper  check. 

E-Check  workflow  follows  existing  paper  check  processes  to  enable 
acceptance  by  banks  and  payment  processors. 

E-Check  design  enables  great  flexibility  through  support  for  other  types  of 
payment  instruments  (e.g.,  certified  check,  cashiers  check,  credit  card  charge 
slip,  etc.)  and  added  capabilities,  such  as  future  dating,  limit  checks,  and 
multicurrency  payments.  It  is  unfortunate  that  PCMCIA  cards  have  been  the 
first  encoding  of  the  E-Check  for  a  customer.  Embedding  it  in  Quicken  would 
have  given  it  a  better  chance  of  early  success. 

There  is  no  need  to  use  an  EDI  service  provider,  as  the  Internet  is  sufficient. 
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Both  large  and  small  users  can  use  E-Checks,  enabling  corporations  to 
reimburse  employees  and  consumers  to  buy  from  large  and  small  merchants. 
E-Checks  can  also  be  sent  from  consumer  to  consumer.  Receiving  E-Checks 
enables  significant  electronic  credit.  This  can  be  an  advantage  to  the  payee, 
who  can  receive  funds  without  going  to  a  physical  bank. 

The  E-Check  can  be  integrated  into  other  payment  systems,  such  as 
micropayment  billing  systems. 

The  payee  can  authenticate  the  payor  using  digital  signatures  with  a  higher 
level  of  security  than  is  possible  with  today's  checks.  Digital  signatures  can 
be  validated  automatically,  more  easily  than  comparing  paper  check 
signatures,  by  using  either  the  human  eye  or  a  signature  verification  system. 
E-Checks  are  expected  to  cut  down  on  check  fraud. 

Data  capture  on  deposits  will  be  easily  performed  by  banks,  once  their  E- 
Check  systems  are  installed,  offering  banks  the  opportunity  to  provide 
(possibly  for  a  fee)  more  meaningful  deposit  logs  and  bank  statements  to 
their  customers. 

Once  systems  have  been  installed,  the  cost  of  processing  E-Checks  should  be 
a  fraction  of  the  cost  of  processing  paper  checks. 

5.  Disadvantages 

Significant  investment  in  bank  systems  and  tracking  E-Checks  will  require 
new  software  and  it  is  not  clear  that  banks  are  prepared  to  make  the 
investment,  given  check  truncation,  image  scanning  capture  of  paper  checks, 
and  the  popularity  of  paper  checks. 

Packaging  E-Checks  so  that  they  are  easier  for  the  consumer  to  handle  than 
paper  checks  will  be  a  major  effort.  Given  the  rise  in  debit  cards,  it  is  not 
clear  that  consumers  will  need  to  carry  another  (E-Check)  card. 

Merchants  are  unlikely  to  integrate  PCMCIA  card  readers  with  their  POS 
systems  just  for  E-Checks.  Adding  them  to  handle  many  tasks  is  possible, 
but  E-Checks  may  not  be  the  driving  application.  Visa  and  MasterCard  see 
merchant  upgrading  to  smart  card  readers  in  the  1997-1998  timeframe,  but 
upgrading  to  PCMCIA  card  readers  is  less  likely.  In  addition,  at  least  four 
financial  services  groups  are  pushing  different  check  image  capture  at  the 
POS  schemes  on  large  retailers,  which  they  feel  unable  to  support.  If  E- 
Checks  cannot  be  accepted  at  the  POS  it  seems  unlikely  that  they  will  gain 
support  elsewhere. 

E-Checks  are  late  to  market-debit  cards  and  other  electronic  credit  card 
schemes  are  ahead  of  them. 
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6.  Market  Acceptance 

Growth  of  checks  is  lower  than  that  for  credit  card  payments.  However,  a 
healthy  5%  annual  growth  in  check  processing  for  the  last  five  years  means 
that  the  E-Check  market  has  potential.  This  would  indicate  a  long-term 
revolution  of  the  check  processing  environment,  not  a  short-term  solution.  It 
is  unlikely  that  E-Check  use  will  be  widespread  before  the  turn  of  the 
century,  if  at  all. 

The  major  U.S.  banks,  including  Bank  of  America,  Bank  of  Boston,  Bank  of 
Montreal,  Bank  One,  Chemical  Bank,  Citibank,  and  Wells  Fargo  Bank  are 
involved  in  FSTC  projects. 

Industry  participants  include  BBN,  Equifax  Check  Services,  IBM,  National 
Semiconductor,  Sun,  and  Telequip. 

Advisors  include  Bellcore,  Oak  Ridge  National  Laboratory,  Sandia  National 
Laboratory,  NACHA,  and  others. 

Telequip  supplies  its  Crypta  Plus  memory  card  and  token  technology  in  an 
E-Check  board  version. 

National  Semiconductor  has  been  offering  the  project  a  PCMCIA  solution. 

7.  INPUT  Assessment 

E-Checks  are  an  electronic  version  of  a  paper  check.  Usually,  automating  a 
paper  process  is  not  an  efficient  way  to  move  from  a  paper  environment  to  an 
electronic  one.  E-Check  processes  for  the  purchaser  are  yet  another  process 
using  digital  signatures,  and  INPUT'S  research  does  not  indicate  high 
interest. 

From  the  check  processor's  perspective,  E-Checks  are  less  threatening  o 
existing  organizations  and  power  structures  built  around  check  processing 
than  credit  card  or  entirely  new  processes. 

Currently,  paper  check  processing  is  accompanied  by  electronic  records  that 
can  be  adapted  to  support  E-Checks. 

Check  truncation  is  seen  as  an  alternative  to  E-Check  processing,  with  users 
still  having  paper  checks  rather  than  electronic  checkbooks.  Debit  cards  are 
the  most  serious  competition  to  E-Checks,  as  both  processes  remove  cash 
from  a  purchaser's  checking  account  directly. 

CheckFree,  although  it  relies  on  unsigned  drafts  and  ACH  networks  for  bill 
paying,  will  substitute  for  E-Checks  as  interfaces  to  its  service  are  provided 
in  more  accounting  packages.  The  Quicken  Financial  Network,  which 
enables  consumers  to  pay  from  AOL  or  Quicken  and  supports  banks  directly, 
will  also  compete  with  E-Checks. 
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E  

First  Virtual-Off-the-lnternet  Security 

1.  Process 

First  Virtual  Holdings  was  founded  in  1994  by  a  team  that  included 
Nathaniel  Borenstein,  who  invented  the  widely  used  MIME  e-mail  protocol 
while  at  Bellcore,  and  Marshall  Rose,  who  has  written  highly  regarded  books 
on  Internet  technology.  Other  members  of  the  management  team  were  from 
Hollywood  and  the  entertainment  industry,  providing  a  virtual  company 
connected  via  networks. 

First  Virtual  relies  on  "out  of  band"  security-that  is,  the  credit  card  number 
is  not  connected  to  the  Internet.  It  is  sent  to  First  Virtual  by  phone  or  fax 
and  kept  on  a  separate  server.  First  Virtual  acts  as  a  trusted  third  party 
between  buyer  and  seller. 

A  first- time  shopper  has  to  register  an  account  with  First  Virtual. 

Initial  communication  is  by  e-mail  and  a  potential  account  holder  is 
reminded  regularly  to  hand  over  his  credit  card  number  via  phone  to  First 
Virtual  before  a  transaction  is  made. 

Once  the  holder  has  an  account  he  is  issued  a  VirtualPIN  and  First  Virtual 
handles  the  credit  card  authorization. 

Each  time  a  customer  makes  a  purchase,  an  e-mail  is  sent  to  First  Virtual 
that  is  then  confirmed  by  e-mail  and  telephone. 

The  buyer  responds  to  an  e-mail  from  First  Virtual  asking  if  he  wants  to  buy 
with  "Yes,"  "Fraud,"  or  "No,"  the  latter  meaning  the  product  is  not  wanted. 
In  the  case  of  a  "Fraud"  reply,  the  account  number  will  be  blacklisted  and  a 
new  VirtualPIN  assigned. 

Accounts  are  settled  with  merchants  using  an  ACH  to  credit  the  merchant's 
checking  account.  First  Virtual  keeps  transaction  logs  and  information. 

For  fulfillment  of  soft  goods  orders,  the  VirtualPIN  is  sent  to  the  merchant, 
who  will  verify  that  it  has  not  been  blacklisted  by  First  Virtual  and  will  send 
electronic  goods  to  the  purchaser.  Exhibit  IV-2  shows  the  workflow  diagram 
for  how  the  payment  transaction  is  carried  out  for  delivery  of  goods  that  can 
be  sent  over  the  Internet,  such  as  information. 
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Exhibit  IV-2 

Payment  Process  for  Soft  Goods  Using  First  Virtual 


Credit  Card  Acquirer 


7.  If  Yes, 
Process 
Credit  Card 


Source:  INPUT 


2.  Typical  Merchant 

The  typical  merchant  is  a  small  organization  that  does  not  qualify  for  a 
credit  card  number.  These  include  gift  vendors,  publishers,  and  software 
sellers. 

3.  Advantages 

The  First  Virtual  system  is  simple  for  the  buyer  to  understand.  A  buyer 
needs  only  a  credit  card  and  an  e-mail  account. 

First  Virtual  provides  a  software  toolkit  to  support  merchants  who  have 
their  own  servers. 

Merchants  without  servers  can  rent  space  on  First  Virtual's  InfoHaus  mall 
($1.50  per  megabyte  per  month). 

First  Virtual  provides  a  service  to  small  merchants  who  cannot  qualify  for 
credit  card  accounts,  or  for  whom  such  accounts  are  prohibitively  expensive. 


EEA6 


©  1997  by  INPUT.  Reproduction  Prohibited 


45 


ELECTRONIC  PAYMENT  METHODOLOGIES 


INPUT 


4.  Disadvantages 

First  Virtual  does  not  credit  the  merchant  until  a  certain  balance  is  reached, 
whereas  a  credit  card  acquiring  bank  usually  settles  the  account  the  day 
after  credit  card  slips  are  deposited.  For  some  merchants,  First  Virtual  can 
hold  payment  for  as  long  as  90  days. 

Buyers  may  repeatedly  type  "No,"  abusing  the  system.  First  Virtual  monitors 
such  cases  and  removes  accounts  that  abuse  the  system. 

Users  cannot  complete  a  transaction  in  one  step-they  need  to  send  an  e-mail 
and  possibly  telephone  First  Virtual.  The  buying  process  is  slow  and 
unsuitable  for  impulse  purchases. 

For  the  purchase  of  physical  goods,  the  buyer  can  repudiate  the  purchase, 
denying  that  the  goods  were  ever  ordered  and  causing  the  merchant  a 
fraudulent  loss. 

Telephone  order  (TO)  companies  typically  ask  the  buyer  for  additional 
information,  such  as  a  billing  address,  and  then  they  get  verification  that  the 
goods  were  received  by  requesting  that  carriers  like  FedEx  and  UPS  obtain  a 
signature  from  the  recipient. 

5.  Security 

Keeping  credit  card  numbers  off  the  Internet  makes  the  system  as  secure  as 
for  a  typical  telephone  order  (TO)  merchant. 

6.  Market  Acceptance 

By  March  1996,  First  Virtual  had  signed  up  109,000  consumers  and  1,370 
merchants  in  144  countries. 

In  early  1996,  First  Virtual  was  estimated  to  be  moving  $60,000  worth  of 
trade  per  day  and  signing  up  about  4,000  customers  a  week.  It  charges 
customers  $2  (waived  until  mid-1997)  and  sellers  $10  to  register. 

The  merchant  also  pays  29  cents  plus  2%  of  the  sale  amount  on  each 
transaction.  Each  time  a  payment  is  made  to  their  account,  sellers  pay  a  $1 
processing  fee. 

Fraud  rates  are  currently  low,  but  so  they  were  when  credit  cards  first 
started.  The  charge-back  ratio  so  far  is  about  0.02%. 

7.  INPUT  Assessment 

Prepaid  digital  cash  and  cash  card  schemes  will  become  the  norm  for  paying 
for  small  items. 
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First  Virtual  is  doing  a  service  for  the  small  merchant,  but  it  is  not  likely 
that  users  will  suffer  the  inconvenient  user  interface  for  long. 

Merchants  depend  on  the  solvency  of  First  Virtual  for  their  payments,  which 
may  be  slower  in  coming  to  them  than  if  they  were  using  a  bank. 

When  banks  and  credit  card  processors  widely  support  smaller  merchants, 
First  Virtual's  system  will  not  be  attractive  to  them. 

The  technologists  at  First  Virtual  are  talented;  they  will  either  think  of 
solutions  or  leave  and  create  another  company. 

First  Virtual  is  likely  to  follow  industry  standards  and  becom  a  different  type 
of  company  or  be  dwarfed  by  SET  systems  supported  by  the  major  banks, 
Microsoft,  VeriFone,  RSA,  Visa,  MasterCard,  and  others. 


Micro,  nano,  and  pico  payment  systems  all  deal  with  paying  in  small 
amounts  on  the  Internet. 

Fare  cards,  prepaid  subway  tokens,  and  prepaid  phone  cards  are  examples  of 
stored  value  instruments. 

Users  trust  the  card  provider  to  honor  the  value,  as  cards  are  not  issued  by  a 
government,  and  if  the  card  is  not  used  for  its  intended  purpose  its  value  is 
wasted. 

In  micropayment  systems,  the  user  pays  in  advance,  simplifying  downstream 
processing  and  reducing  transaction  costs. 

A  U.S.  positioning  of  different  proposals  is  given  in  Exhibit  IV-3.  In  Europe 
and  elsewhere,  privacy  laws  may  make  banks  unable  to  use  purchasing 
information. 
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Micropayment  Systems,  including  Visa 


1. 


Process 
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Exhibit  IV-3 

Positioning  of  Micropayment  Vendors 


No  hank  privacy 


Source:  INPUT 


Checking  accounts  preserve  value  and  are  insured  up  to  $100,000  in  the  U.S. 
Stored  value  systems  for  the  Internet  typically  store  up  to  $500.  Disposable 
smart  cards  usually  come  in  small  denominations  up  to  $20. 

Reloadable  cards  can  be  filled  from  a  bank,  using  a  credit  card  or  other 
means.  No  system  permits  a  user  to  carry  tens  of  thousands  of  dollars  in  a 
smart  card  or  notebook  computer. 

In  Europe  and  Japan,  high  telephone  charges  motivated  the  move  to  smart 
cards  to  reduce  credit  card  verification  costs. 


2.  Security 

Software-only  micropayments  systems  like  DigiCash  ECash  and  CyberCash 
Coin  use  keys  stored  on  a  PC. 

When  a  user  enters  a  PIN,  a  virus  may  enter  the  computer  and  steal  the 
PIN.  PCs  are  vulnerable  to  attack. 

Banks  feel  happier  with  security  information  stored  in  a  card  that  can  be 
stored  in  a  purse  like  a  key  and  kept  safe. 

Hardware  wallets  also  offer  some  protection  because  they  are  worn  on  or 
carried  close  to  the  user. 
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3.        Market  Acceptance 

Global  cash  transactions  amount  to  $8.1  trillion  a  year,  of  which  22%  ($1.8 
trillion)  is  for  amounts  less  than  $10.  In  the  U.S.,  estimates  of  consumer  cash 
transactions  are  around  300  billion  (Source:  Bank  for  International 
Settlement),  and  225  billion  are  under  $20  (Source:  American's  Community 
Banker,  May  1995). 

In  the  U.S.  it  is  estimated  that  56%  of  transactions  are  made  in  cash. 
Worldwide,  cash  accounts  for  90%  of  all  transactions.  An  estimated  60  billion 
bank-facilitated  consumer  transactions-one-fifth  the  number  of  cash 
transactions-use  credit  card,  debit  card,  ATM  card,  checks,  and  wire 
transfers.  Automating  cash  handling  is  the  incentive  to  use  smart  cards 
(cash  cards).  It  is  likely  that  there  will  be  gradual  acceptance  of  smart  cards, 
but  it  is  unlikely  that  half  of  all  cash  transactions  will  use  smart  cards  by  the 
year  2000,  as  some  industry  estimates  would  indicate. 

Visa  has  trials  of  Visa  Cash  in  Australia  and  it  had  a  trial  system  at  the 
1996  Olympic  Games  in  Atlanta. 

First  Union  and  Wachovia  were  two  of  the  first  banks  to  offer  Visa  Cash 
cards,  which  come  in  disposable  or  replenishable  versions.  Many  more  are 
expected  to  follow. 

Disposable  Visa  Cash  cards  can  be  purchased  by  anyone-a  banking 
relationship  is  not  needed.  In  Atlanta,  they  were  available  in  denominations 
of  up  to  $100. 

Visa's  Electronic  Purse  consortium  includes  an  international  group  of  banks, 
including: 

•  Bansys,  Belgium 

•  EPS  (Electronic  Payment  Services),  Delaware 

•  FISC  (Financial  Information  Systems  Center),  Taiwan 

•  CD  Groupement  des  Cartes  Bancaires,  France 

•  Sociedad  Espanola  de  Medios  de  Pago,  Spain 

Austria,  Portugal,  and  Denmark  have  their  own  cash  card  schemes.  MAC 
ATM  network  was  proposing  a  unified  ACH  card,  but  prospective  banks  are 
turning  to  Visa  and  MasterCard. 

Mini-micropayment  schemes,  designed  for  fraction  of  a  cent  transactions,  are 
proposed  by  Digital  (Millicent),  W3C  (Micropayment  Transfer  Protocol),  and 
Payword/Micromint  from  Ron  Rivest  of  MIT. 
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These  are  being  proposed  for  metered  applications,  where  payments  may  be 
in  fractional  amounts.  Whether  users  really  need  to  buy  small  items  like 
nails  for  a  fraction  of  a  cent  remains  to  be  seen. 

4.        INPUT  Assessment 

Micropayment  schemes  are  viable  and  many  alternatives  will  be  available. 
These  will  vary  by  vendor;  certain  industries  may  prefer  certain  schemes, 
depending  on  who  vendors  target. 

Mondex,  CyberCash  Coin,  and  DigiCash  ECash  are  discussed  in  this  chapter 
in  their  own  sections.  Visa,  MasterCard,  and  Mondex  are  likely  to  be  leaders. 


Mondex  was  invented  at  the  U.K.'s  National  Westminster  Bank  in  1990.  In 
July  1996  it  was  spun  off  and  is  now  51%  owned  by  MasterCard. 

Mondex  wallets  have  been  developed  by  such  manufacturers  as  Hitachi. 
They  are  calculator-like  and  a  Mondex  card  may  be  inserted  in  the  wallet  or 
carried  separately. 

The  advantage  of  the  wallet  is  that  it  may  be  used  to  store  additional  value 
beyond  what  is  on  the  card.  Mondex  cards  may  also  be  read  by  PC 
peripherals  or  POS  terminals. 

Cash  may  be  sent  from  Mondex  card  to  Mondex  card  over  a  network  such  as 
the  Internet.  Hence,  Mondex  provides  a  system  that  is  both  "on  the  street" 
and  "on  the  net."  The  Mondex  system  can  be  used  at  adapted  ATM  machines, 
special  phones,  PCs,  and  POS  terminals  with  appropriate  card  readers.  Since 
it  is  shared  electronic  information,  it  can  be  relayed  over  the  special  phones. 

Exhibit  IV-4  shows  how  soft  goods  can  be  ordered  using  a  Mondex  card.  The 
card  is  inserted  in  a  card  reader  in  the  user's  PC  on  request  from  the 
merchant.  Each  card  is  validated. 

The  process  is  similar  to  that  of  DigiCash,  but  more  tracking  takes  place  in 
the  card. 


G 


Mondex-Cash  Card 


l. 


Process 
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In  the  San  Francisco  trials,  the  last  ten  payments  were  recorded  and  then 
cyclically  written  over.  So  if  a  card  was  found,  a  bank  could  trace  its  last  10 
transactions. 


Transactions  are  not  completely  anonymous. 
There  are  no  monthly  statements. 


Exhibit  IV-4 


Payment  Process  for  Soft  Goods  Using  Mondex 


Intitiate  and  Confirm 
Request 


Ask  For  Payment 


Send  Cash  From  Card 


Acknowledge  Payment 
Send  Goods 


Validate 
Purchaser's  Card 
and  Currency 


Get  Cash  From 
Purchaser 


Source:  INPUT 


A  consumer  needs  a  bank  account  with  a  sponsoring  bank.  At  a  minimum,  a 
consumer  needs  a  Mondex  card,  but  may  also  rent  or  buy  an  electronic 
wallet,  PC  card  reader,  and  balance  reader. 

Manufacturers  of  Mondex-compatible  equipment  include  Hitachi,  VeriFone, 
Unisys,  Amdahl,  and  Keycorp. 

Value  can  be  transferred  to  retailers  and  also  to  other  individuals  that 
support  the  system.  Transaction  detail  can  be  viewed  with  a  wallet  or  with  a 
balance  reader  that  looks  like  a  key  chain. 

A  merchant  would  normally  transfer  the  contents  of  the  till  by  phone  to  a 
bank.  Only  the  cash  sum  is  sent  to  the  bank;  POS  details  are  kept  in  the 
merchant's  cash  register. 

For  a  robber  to  get  cash  from  a  Mondex  till,  he  would  need  the  PIN  of  each 
card  that  had  put  cash  into  the  till. 

The  till  records  each  card  number  to  or  from  which  cash  is  transferred  and 
the  amount.  This  makes  it  possible  to  get  refunds.  The  refund  is  linked  to  the 
card  that  put  cash  in  the  till. 
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Bringing  a  merchant  a  receipt  for  returned  goods  will  be  insufficient  to  get 
electronic  cash.  The  card  that  made  the  purchase  will  be  needed. 

2.  Typical  Users 

Any  vendor  that  accepts  credit  cards,  either  in  a  store  or  over  a  network,  is 
likely  to  be  a  candidate  for  Mondex. 

3.  Advantages 

The  merchant  has  tremendous  incentive  to  use  Mondex,  as  it  facilitates  cash 
management.  Banks  also  see  Mondex  as  reducing  cash  handling  costs. 

Consumers  can  use  Mondex  with  many  different  devices. 

4.  Disadvantages 

In  the  Swindon  (U.K.)  trials,  10,000  purchasers  signed  up,  well  below  the 
40,000  expected.  Cost  of  the  service  was  one  reason  consumers  balked. 

Devices  like  ATMs,  POS  card  readers,  and  telephones  are  starting  to  be 
made  that  support  Mondex  devices.  Conversion  will  not  be  overnight  and  will 
be  at  a  cost  to  both  users  and  merchants.  Banks  will  offer  rental  programs  to 
smooth  the  transition  to  new  equipment. 

Whereas  the  architecture  of  the  Mondex  system  is  designed  for  all 
transaction  values,  it  is  being  promoted  initially  as  a  system  for  storing 
under  500  pounds  sterling  ($750)  at  a  consumer's  site,  to  prevent  large  losses 
or  major  errors. 

5.  Security 

Wells  Fargo  Bank  chose  Mondex  because  it  was  more  secure  than  storing 
electronic  cash  on  a  PC  and  the  processing  was  well  thought  out.  Banks  will 
be  reluctant  to  send  electronic  cash  to  a  PC  without  a  separate  store  of  value, 
like  a  Mondex  card. 

Mondex  plans  to  change  the  software  in  its  cards  at  least  every  two  years  to 
keep  ahead  of  those  who  may  seek  to  break  security  codes  and  protocols.  The 
digital  signatures  on  merchant  and  consumer  cards  are  changed  frequently. 

When  a  consumer  withdraws  cash  for  a  Mondex  card  from  a  bank  account  or 
a  merchant  makes  a  deposit  of  Mondex  electronic  cash,  digital  signatures 
may  be  changed.  Each  chip  (initially  a  Hitachi  microprocessor)  in  a  Mondex 
card  has  two  different  security  systems  on  board:  one  active,  one  dormant. 

Periodically,  cards  are  instructed  to  activate  the  dormant  system.  This  then 
becomes  the  active  system  over  time  and  a  new  dormant  system  can  be 
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added.  This  enables  upgrades  to  be  made  without  changing  the  physical 
card. 

When  data  is  sent  between  cards,  the  cards  are  known  to  the  protocol,  so 
that  a  hacker  with  a  different  card  from  the  intended  recipient  will  not  be 
able  to  intercept  the  transaction. 

Privacy  International,  a  consumers'  right  to  privacy  group,  has  filed  a 
complaint  against  Mondex  for  falsely  advertising  that  it  is  just  like  cash. 
They  claim  that  since  the  merchant  has  a  list  of  purchasers  that  the  bank 
may  use  to  track  payees,  this  makes  it  less  private  than  cash. 

6.  Market  Acceptance 

The  main  pilot  program  has  been  in  Swindon  (U.K.),  where  over  70%  of  the 
town's  1,000  merchants  could  accept  the  card.  In  addition,  British  Telecom 
(BT)  was  recruited  to  equip  200  payphones  with  the  ability  to  read  Mondex 
cards,  and  taxicab  drivers  were  able  to  accept  them. 

Although  somewhat  more  than  10,000  cardholders  signed  up  for  the  pilot, 
this  was  far  below  the  desired  40,000  participants.  Special  screen  phones  to 
refill  the  cards  and  act  like  in-home  cash  machines  were  deployed  at  some 
consumer  and  merchant  sites. 

In  addition,  bank  ATMs  were  modified  to  take  Mondex  cards.  Wells  Fargo 
Bank  in  San  Francisco  has  been  trialing  the  Mondex  system  in  the  city's 
financial  district.  Further  trials  are  planned  in  Hong  Kong  and  Canada. 

The  key  to  a  successful  trial  is  getting  a  critical  mass  of  merchants  to  accept 
the  cards. 

Mondex  is  expected  to  coexist  with  credit  card  company  cash  schemes. 
VeriFone's  new  SC  line  of  card  readers  works  with  Visa,  MasterCard,  and 
Mondex  cards. 

Mondex  expects  that  some  cash  will  always  be  used,  particularly  for  the  gray 
market  and  for  paying  people  unable  to  afford  the  technology  for  Mondex 
cards,  such  as  low  income  households  and  beggars. 

7.  INPUT  Assessment 

Mondex  is  well-poised  to  be  a  winning  micropayment  system,  especially 
across  national  boundaries,  because  of  its  international  support.  Currently, 
Mondex  cards  can  store  up  to  five  currencies  at  one  time. 
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Mondex  trials  have  been  well  received  by  merchants  who  save  time  in 
counting  change  and  settling  with  the  bank.  Merchants  can  phone  in  their 
receipts  instead  of  physically  transporting  them  to  the  bank. 

Mondex  does  not  provide  a  full  audit  trail,  and  government  bodies  and 
several  major  banks  have  felt  that  this  would  be  necessary.  MasterCard 
plans  to  provide  audit  trails  for  larger  amounts  (as  dictated  by  government 
offices  in  each  country). 

Mondex  has  good  multicurrency  and  multiple  account  capabilities.  The 
latter  can  be  used  for  credit,  debit,  and  other  purposes,  supporting  a 
multifunctional  card  concept. 

Mondex  is  well  aware  of  the  regulatory  issues  surrounding  electronic  cash 
and  has  made  presentations  before  the  U.S.  Congress. 

Visa  Cash  is  expected  to  be  a  major  competitor. 

Mondex  is  not  fully  compliant  with  the  standards  developed  by  Visa, 
MasterCard,  and  Europay  (EMV),  but  MasterCard  has  specified  this 
compliance  as  a  term  of  its  acquisition  of  51%  of  Mondex. 

Most  banks  are  much  more  interested  in  SET  technology  that  can  be  used 
with  credit  cards  on  the  Internet  for  on-line  payment  transactions  than  in 
Mondex  or  other  electronic  purse  concepts. 


Netscape  and  Others-Credit  Cards  Using  SSL 

1.  Process 

Netscape's  SSL  (Secure  Sockets  Layer)  uses  CCITT  X.509  signed  certificates. 
Netscape  uses  VeriSign  as  its  Certificate  Authority. 

Merchants  are  widely  using  certificates  and  consumers  are  just  starting  to 
use  them. 

Secure  sites  are  sometimes  designated  with  "https//..."  rather  than  "http//..." 
Netscape  builds  SSL  security  into  its  Navigator  browsers  and  into  some  of  its 
servers,  the  first  being  the  Netscape  Commerce  Server. 

SSL  is  a  protocol  that  allows  many  variations  and  runs  over  TCP/IP.  A  major 
strength  is  that  it  is  independent  of  the  protocols  like  HTTP  that  run  above 
it.  It  is  used  to  carry  a  record  securely  across  the  Internet  and  to: 
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•  Authenticate  the  server,  and  optionally  the  user 

•  Ensure  that  communication  between  browser  and  Web  server  is  private 

•  Ensure  that  the  transmission  is  reliable,  assuming  the  underlying 
TCP/IP  network  behaves  well 

SSL  can  be  used  for  any  record  and  is  relatively  low  level.  It  is  only  designed 
to  connect  client  and  server;  it  is  not  for  multivendor  situations.  A  typical 
transaction  involves  buyer,  seller,  and  credit  card  authorizer  at  a  minimum, 
hence  more  complex  security  protocols  are  being  designed. 

Exhibit  IV-5  gives  the  workflow  for  how  SSL  is  used  to  transmit  a  record, 
such  as  a  credit  card  number,  over  the  Internet  securely. 

Client  sends  CLIENT_HELLO: 

•  Contains  Challenge  field,  equivalent  to  "mother's  maiden  name"  or  other 
data  commonly  used  by  banks  to  recognize  a  user 

•  Contains  information  on  cipher  used  by  the  server,  such  as  algorithm 
used  and  key  length;  for  example,  an  exportable  version  of  Netscape  may 
use  40  bits,  whereas  a  U.S.  version  may  use  128  bits 

•  Wells  Fargo  bank  rejects  a  client  for  its  on-line  banking  system <if  it  only 
has  a  40-bit  key  implementation. 

Server  sends  SERVER_HELLO: 

•  Responds  to  client  by  sending  its  certificate  from  a  registered  authority 
like  VeriSign 

•  Sends  specifications  of  encryption  used  for  the  record  that  will  be  encoded 
after  the  key  exchange  phase,  usually  the  lowest  common  denominator 
between  browser  and  server 

Client  sends  CLIENT_MASTER_KEY: 

•  Before  sending  the  message,  the  client  verifies  that  the  certificate  is  good. 
The  first  time  this  is  sent,  the  client  user  may  just  have  to  trust  that  if 
the  server  looks  genuine  and  sends  a  certificate  that  looks  genuine,  it 
probably  is  genuine. 

•  The  Web  server  merchant  may  also  send  the  challenge  to  the  user  by 
another  route,  such  as  by  phone,  fax,  or  an  e-mail  message-not  foolproof, 
but  it  increases  the  security  somewhat. 
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•  Assuming  the  client  accepts  the  certificate,  it  has  a  trusted  copy  of  the 
server's  public  key. 

•  It  then  generates  new  symmetric  keys  from  the  public  key  and  sends 
these  back  to  the  server,  encrypting  them  with  the  server's  public  key. 

Server  sends  SERVERVERIFY: 

•  The  server  knows  the  encryption  algorithm  used  by  the  client  and  its 
public  key,  hence  with  its  secret  key  it  can  decrypt  the  new  encoding  of 
the  symmetric  keys  sent  to  it  from  the  client. 

•  If  SSL  is  implemented  with  good  algorithms  and  long  enough  keys,  no 
one  in  the  middle  is  likely  to  intercept  the  encrypted  symmetric  keys 
during  transmission  because  the  secret  key  is  known  only  to  the  server. 

•  Now  client  and  server  have  new  keys  that  can  be  used  to  encrypt  the 
sensitive  data. 

•  The  server  sends  the  challenge  back  to  the  client  and  the  client  validates 
the  exchange. 

Client  sends  CLIENT_FINISHED: 

•  The  client  closes  out  the  handshake  by  sending  a  message  to  the  server. 
Server  sends  SERVER_FINISHED: 

•  The  server  closes  out  the  handshake  by  sending  a  message  to  the  client. 
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Exhibit  IV-5 


Payment  Process  for  Soft  Goods  Using  SSL 


Initiate  Transaction 


CLIENT_HELLO  (Challenge,  Cipher  Specs) 


SERVER_HELLO  (Server  Certificate,  Bulk  Cipher  Specs,  Connection_ID) 


Verify  Server  Certificate,  Generate  Symmetric  Keys 


CLIENT_MASTER_KEY  ((Master  Keys)  Server_Public_Key) 


SERVER_VERIFY  ((Challenge)  Server_Private_Key 


Client  Authenticates  Server 


CLIENT_FINISHED  ((Connection_ID)  Client_Write_Key) 


SERVER_FINISHED  ((New_Session_ID)  Server_Write_Key) 


Secure  HTTP  or  Of  iter  Secure  Dialog 


Exchange  Record,  Such  As  Credit  Card  Data 


Source:  INPUT 


2.        Typical  Merchant 

Any  merchant  already  trading  using  credit  cards  on  its  own  Web  site  is  likely 
to  use  SSL. 


3.  Advantages 

Netscape  freely  offers  SSL  as  a  standard,  although  it  charges  for  its  secure 
servers;  hence,  it  has  become  very  widely  accepted.  There  is  no  per- 
transaction  cost  for  using  the  standard. 


SSL  can  secure  any  record,  not  just  HTTP. 

SSL  is  widely  deployed  in  Web  servers,  which  means  that  merchants  can 
easily  secure  credit  card  and  other  sensitive  data. 


4.  Disadvantages 

The  security  is  only  between  client  and  server,  not  for  complex  transactions 
involving  intermediaries. 
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If  buyers  do  not  have  certificates,  the  server  cannot  know  whether  they  are 
genuine,  so  anyone  can  steal  a  computer  with  a  user  ID  and  password  and 
pretend  to  be  someone  else  (for  that  matter,  they  could  steal  a  computer  with 
a  certificate  in  it  if  it  was  not  protected  in  a  wallet!). 

Buyers  without  certificates  can  repudiate  the  message,  and  the  merchant 
may  be  left  with  returned  inventory. 

Exported  browsers  currently  have  shorter  keys  than  domestic  U.S.  ones, 
making  them  unusable  for  secure  transactions  at  some  sites,  such  as  Wells 
Fargo  Bank. 

Unless  the  purchaser  is  a  frequent  visitor  to  an  SSL  site,  the  initial  form 
filling,  asking  for  name,  address,  e-mail  address,  mother's  maiden  name, 
etc.,  gets  tedious,  slowing  down  Internet  shopping. 

5.  Security 

The  key  exchange  described  above  did  not  authenticate  the  user,  as  the  user 
did  not  have  a  certificate.  The  protocol  does  allow  the  server  to  ask  the  user 
for  a  certificate.  However,  in  the  future,  the  server  will  ask  the  user  for  a 
certificate. 

Much  of  the  security  depends  on  the  quality  of  the  Certificate  Authority 
(CA).  Supposing  an  entity  issued  false  certificates  and  pretended  to  be 
VeriSign,  this  would  be  a  major  fraud  that  would  render  the  protocol 
insecure. 

Much  depends  on  the  way  SSL  is  implemented-it  is  only  as  strong  as  its 
weakest  keys  and  algorithms.  With  a  reasonable  SSL  implementation  (good 
encryption  algorithms,  reliable  TCP/IP  network,  long  enough  key  lengths), 
buyers  and  sellers  need  not  worry  about  eavesdroppers. 

6.  Market  Acceptance 

SSL  has  been  widely  accepted  by  Web  server  vendors.  Thousands  of 
merchants  offer  SSL  servers  that  can  encrypt  credit  card  transactions  over 
the  Internet. 

7.  INPUT  Assessment 

SSL,  though  a  relatively  simple  mechanism,  has  proven  useful  in  enabling 
credit  card  transactions  over  the  Internet.  It  will  be  part  of  the  SET 
standard. 

SSL  was  used  in  1995  and  1996  to  differentiate  Web  servers.  Users  paid  a 
premium  for  a  Web  server  that  supported  SSL. 
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However,  SSL  is  becoming  a  commodity  that  will  no  longer  be  able  to 
command  a  higher  price.  With  the  advent  of  SET,  users  will  look  for  more 
capable  Web  server  features. 

On  the  client  side,  SSL  implementations  do  not  need  a  wallet.  The  user 
certificate,  if  there  is  one,  is  stored  with  the  browser.  Whenever  users 
encounter  an  SSL-enabled  browser,  they  end  up  filling  in  forms  and 
answering  questions  about  the  site. 

The  merchant  does  not  usually  store  a  credit  card  number,  though  there  are 
exceptions. 

Amazon.com,  the  bookstore  with  over  a  million  books,  uses  a  Netscape 
Commerce  Server  and  does  keep  credit  cards  on  file. 

The  user  may  be  spared  entering  credit  card  data  at  each  visit  to  the  store, 
but  Amazon.com  gets  many  of  its  book  reviews  entered  by  users. 

The  trend  is  toward  users  entering  personal  information  for  SSL-enabled 
servers  that  can  then  be  used  for  tracking  down  system  abusers,  subsequent 
site  visits,  and  targeted  marketing. 

Open  Market,  with  OM-Transact  operational  at  Time-Warner,  MCI,  and 
First  Union  Bank,  was  the  first  vendor  to  provide  application  software  that 
acts  as  a  cash  register  for  processing  credit  card  and  other  transactions. 

The  attraction  of  Open  Market's  solution  is  that  it  separates  payment  from 
content,  so  a  merchant  can  keep  the  Web  site  content  and  the  bank  can 
handle  payment  processing. 

Netscape  and  Microsoft  are  also  offering  Merchant  Systems,  servers  to 
process  merchant  payments.  These  servers  enable  "shopping  carts"  to  be  set 
up. 

Currently  Internet  shopping  Web  site  user  interfaces  range  from  superb,  as 
found  at  the  bookstore  Amazon.com,  to  overly  complex.  The  field  research 
conducted  for  this  project  indicates  that  the  majority  of  merchants  have  yet 
to  implement  shopping  carts. 
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I  

Visa/MasterCard-SET 

1.  Process 

SET  (Secure  Electronic  Transactions)  is  a  proposed  standard  from  Visa  and 
MasterCard  for  processing  credit  cards  over  the  Internet.  It  came  from  Visa's 
Secure  Transaction  Technology  (STT)  standard  and  MasterCard's  Secure 
Electronic  Payment  Protocol  (SEPP)  standard  in  February  1996. 

American  Express  announced  that  it  would  license  Microsoft's  SET 
implementation  in  the  first  half  of  1996.  Additional  partners  include: 

•  GTE 

•  IBM 

•  Netscape 

•  SAIC 

•  Terisa  Systems 

•  VeriSign 

Already,  Internet  commerce  software  vendors,  like  RSA,  have  made 
significant  commitments  to  the  protocol. 

The  main  advantage  of  SET  over  SSL  is  that,  like  a  credit  card,  it  associates 
merchant  and  buyer  with  a  financial  institution  and  credit  card  company, 
providing  an  additional  degree  of  security. 

The  problem  with  SSL  is  that  the  transaction  is  unencrypted  at  the 
merchant  site  and  depends  on  the  merchant's  firewalls  and  other  security  to 
keep  it  safe  from  attack.  This  puts  the  bank  at  risk. 

SET  puts  the  onus  on  the  bank  or  card  processor  to  keep  the  transaction 
secure. 

By  early  1997,  SET  will  start  to  be  used  as  the  leading  standard  for  credit 
card  payments. 

Initially,  VeriFone  will  offer  SSL  between  the  browser  and  merchant  and 
SET  between  the  merchant  and  credit  card  acquirer  (acquiring  bank  or  credit 
card  processor),  thus  bridging  the  transition  to  full  SET  transactions. 
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SET's  goals  are  to: 

•  Provide  authentication  of  merchants  and  retailers 

•  Ensure  payment  integrity 

•  Ensure  confidentiality  of  information 

In  addition,  SET  aims  to  comply  with  government  cryptography  restrictions. 

Signatures  follow  a  hierarchy  to  comply  with  regional  legislation.  Each 
signatory  has  two  sets  of  public/private  key  pairs,  a  Signature  Key  and  a 
Key-Exchange  Key.  The  public  keys  are  made  known  to  those  requiring 
them,  using  certificates  under  the  certification  hierarchy  illustrated  in 
Exhibit  IV-6. 


Exhibit  IV-6 

Signature  Hierarchies  for  SET 


Source:  SET  and  INPUT 


The  public  key  of  the  root  of  the  Certificate  Authority  (CA)  hierarchy  will  be 
widely  distributed  as  part  of  the  SET  software  implementations.  The 
association  will  verify  keys  for  the  geopolitical  organization,  if  one  exists.  The 
issuer,  normally  a  bank,  will  issue  certificates  to  cardholders. 

The  SET  specification  includes  an  on-line  registration  procedure  for  existing 
credit  cardholders  and  merchants  in  which  they  use  software  to  generate 
their  key  pairs  and  ask  their  issuers  and  acquirers  to  create  certificates  for 
them. 
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SET  is  a  standard  for  payment,  not  general  electronic  commerce.  Exhibit 
IV-7  shows  diagramatically  how  order  and  payment  information  are  linked. 


Exhibit  IV-7 


Order  and  Payment  Information 


The  SET  system  creates  separate  digests  of  the  order  and  payment 
information.  These  are  concatenated  to  make  a  combined  digest  that  is 
signed  by  the  purchaser  using  his  private  key. 

Any  person  who  possesses  one  component  of  the  message  and  the  message 
digest  for  the  other  component  can  verify  the  dual  signature.  Possibilities 
are: 

•  Merchant  -  has  order  information  and  digest  for  payment  instructions 

-  can  fulfill  order  without  knowing  credit  card  numbers 

•  Acquirer  -  has  payment  instructions  and  digest  for  order  information 

-  can  process  credit  card  information  without  knowing  order  details 

Exhibit  IV-8  shows  a  typical  transaction  flow  between  cardholder,  merchant, 
and  payment  gateway  for  making  a  payment  using  SET. 
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Exhibit  IV-8 


Transaction  Flow  for  SET 


Intitiate  Request 


Initiate  Response 
Send  Certificates 


Purchase  Request 
Send  OI  and  PI 


Payment  Response 


Authorization  Request 
Send  PI  and  Dual  Signature 


Authorization  Response 
Send  Capture  Token 


Capture  Request 
Include  Capture  Token 


Capture  Response 


Source:  SET  and  INPUT 


The  first  SET  action  is  to  initiate  a  request  to  a  merchant.  The  merchant 
responds  with  a  copy  of  its  certificate  to  prove  it  is  genuine  and  as 
acknowledgment. 

The  payment  gateway  is  connected  to  the  existing  credit  card  verification 
system  by  an  acquirer  who  uses  a  private  secure  network  to  carry 
transaction  information.  The  cardholder  encrypts  payment  instructions, 
using  the  public  key  of  the  payment  gateway  to  encrypt  the  credit  card 
information  and  the  public  key  of  the  merchant  to  encrypt  the  order. 

The  encrypted  order,  payment  information  and  dual  signature  are  sent  to  the 
payment  gateway  by  the  merchant  for  verification. 

A  capture  token  comes  back  from  the  payment  gateway  to  the  merchant, 
analogous  to  the  authorization  code  familiar  to  credit  card  purchases.  A 
response  is  sent  on  to  the  cardholder. 

The  merchant  then  sends  the  purchase  request  with  the  capture  token  back 
to  the  payment  gateway,  which  acknowledges  it. 

The  timing  of  sending  the  response  to  the  cardholder  from  the  merchant  may 
vary.  Some  will  want  authorization  from  the  acquirer,  others  will  reply 
immediately  to  the  cardholder  without  verification. 

SET  allows  for  variations  in  the  basic  process,  which  resembles  that  of 
traditional  credit  card  processing. 
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MasterCard  does  not  initially  intend  to  offer  cardholders  certificates, 
meaning  that  they  cannot  have  digitally  verifiable  signatures. 

Visa  will  require  cardholders  to  generate  their  own  keys  and  have  them 
certified  by  a  Visa  acquirer.  Visa  envisions  the  same  digital  signature  being 
used  "on  the  net"  as  "on  the  street." 

GC  Tech  of  France  aims  to  be  a  European  CA. 

In  reality,  there  will  be  multiple  CAs,  who  will  need  to  define  zones  of 
mutual  trust.  Candidate  CAs  are  VeriSign,  Visa,  NACHA,  the  U.S.  Post 
Office,  and  CyberCash. 

2.  Typical  Merchant 

The  typical  merchant  will  be  an  existing  credit  card  merchant.  Some  new 
merchants  who  have  Internet-only  businesses  will  emerge,  but  most 
merchants  will  have  "on  the  net"  and  "off  the  net"  presences. 

3.  Advantages 

SET  is  sponsored  by  leading  credit  card  companies,  software  companies, 
acquirers,  and  banks;  it  uses  a  familiar  credit  card  processing  infrastructure. 

It  provides  authentication  of  both  buyer  and  seller  (MasterCard  will  not 
authenticate  the  buyer  initially  using  SET  digital  certificates). 

The  use  of  wallets  should  make  it  easier  to  create  smooth  and  easy-to- 
navigate  user  interfaces,  as  well  as  transaction  logging  for  the  wallet  owner. 

4.  Disadvantages 

SET  is  unsuitable  for  low-cost  items-it  costs  30  cents  to  process  a 
transaction,  with  a  2%  to  6%  fee  for  merchants. 

5.  Security 

SET  provides  nonrepudiation  of  consumers  and  blinding  of  merchants  to 
credit  card  information. 

It  is  considered  superior  to  SSL  because  it  links  the  merchant  to  a  payment 
processor  and  the  merchant  does  not  handle  credit  card  numbers. 

CyberCash's  pioneering  system  is  not  open,  but  will  move  to  SET. 

Initially  setting  up  certificates  with  a  user  and  a  merchant  can  be  tedious, 
but  the  process  is  expected  to  accelerate  as  companies  set  up  customer 
service  representatives  to  handle  Internet  transactions. 
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6.  Market  Acceptance 

Visa  and  MasterCard  claim  over  800  million  cardholders,  worldwide.  The 
SET  standard  is  expected  to  be  widely  implemented  within  this  group  by 
year-end  1996. 

A  reference  implementation  of  SET  is  available  free  of  charge  to  vendors. 
MasterCard  and  Visa  provide  considerable  support  on  their  Web  sites  for  the 
standard. 

The  goal  of  SET  was  to  be  in  operation  for  Christmas  1996.  Whereas  this 
may  happen  for  a  few  sites,  widespread  deployment  is  more  likely  by 
Christmas  1997. 

SET  has  had  wide  adoption  by  the  industry;  a  few  participants  are  listed 
below: 

•  Credit  card  companies  -  Visa,  MasterCard,  American  Express,  Discover 

•  Server  software  vendors  -  Netscape,  Microsoft,  O'Reilly,  Oracle 

•  Systems  vendors  -  IBM,  Sun,  Silicon  Graphics,  Digital,  Compaq 

•  Commerce  application  companies  -  Open  Market,  Connect,  Broadvision 

•  Point-of-sale  vendors  -  VeriFone,  ICVerify 

7.  INPUT  Assessment 

Certificate  Authorities  are  likely  to  evolve  like  the  bank  ATM  networks 
Cirrus  and  Plus.  These  started  out  by  working  with  a  few  banks;  eventually 
more  banks  became  connected  and  they  connected  to  overseas  networks  like 
U.K.-based  Link. 

This  then  enables  international  funds  transfers  to  be  made  rapidly. 
International  Internet  payments  will  be  facilitated  by  agreements  and 
network  interfaces  between  CAs. 

Certificate  Authorities  will  require  the  highest  levels  of  security  and  will  be 
targets  for  intruders  and  hackers. 

It  is  desirable  that  there  be  more  than  one  CA  per  country  and  that  data  be 
distributed  and  secured  with  data  recovery  systems.  Security  will  have  to  be 
at  least  as  high  as  that  offered  by  a  bank. 

How  consumers  will  store  their  certificates  is  an  open  issue.  Wallets  have 
been  proposed,  but  these  are  inconvenient  if  they  stay  on  a  desktop 
computer. 
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General  Magic  and  Sony  have  announced  home  banking  on  a  PDA.  One 
scenario  is  that  the  wallet  is  encoded  in  a  smart  card  that  can  be  read  by  a 
PC,  but  then  the  advantage  of  having  a  wallet  encoded  in  data  only 
disappears. 

Specialized  electronic  organizers  that  pay  checks  are  starting  to  appear; 
perhaps  these  will  evolve  into  wallets.  Telephones  could  also  hold  wallets. 

The  most  likely  scenario  is  to  store  the  wallet  information  in  a  card  or 
organizer  that  can  be  transmitted  to  a  PC  with  a  simple  connection,  such  as 
an  infrared  link. 

Initially,  cards  will  be  for  a  single  CA;  then  a  bank  or  other  service 
institution  could  consolidate  multiple  consumer  identities  on  a  single  card. 

Banks  are  already  offering  Visa  debit  cards  and  ATM  cards  on  one  piece  of 
plastic,  so  the  trend  toward  putting  multiple  identities  on  a  card  has  already 
begun. 

Wallet  software  is  already  available  for  paying  bills  through  EFT  from 
Intuit.  The  Quicken  Financial  Network  is  Intuit's  private  network  for  bill 
paying.  Intuit  uses  1024-bit  public  key  encryption  from  RSA. 

Paying  regular  bills  is  a  different  process  from  shopping,  but  where  bill 
payments  are  less  regular,  ultimately  the  consumer  may  want  one  wallet. 

As  Intuit  battles  Microsoft  in  the  consumer  financial  software  market,  it  is 
still  an  open  issue  whether  Quicken  Financial  Network  will  be  a  dark  horse 
in  the  payment  area  and  compete  with  CyberCash  and  VeriFone. 

It  is  expected  that  transaction  logs  from  SET  wallets  will  be  able  to  operate 
with  Quicken  and  other  financial  management  software,  just  as  Quicken 
interfaces  to  bank  and  credit  card  accounts. 

Credit  cards  will  be  the  predominant  form  of  payment,  for  both  consumers 
and  businesses,  for  occasional  purchases  over  $10. 

Competition  from  micropayment  schemes  for  this  type  of  purchase  will  be 
slow  in  coming  because  the  infrastructure  is  already  entrenched  for  credit 
card  processing. 

Merchants  will  be  afraid  to  move  to  newer  micropayment  schemes  as  long  as 
there  are  several  options,  for  fear  they  will  choose  the  wrong  standard. 

FSTC  checks  may  offer  competition  by  1998,  but  like  the  competition 
between  credit  cards  and  travelers  checks,  SET  is  likely  to  win. 
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J  

Checklist  for  Payment  Methods 

Any  payment  system  can  be  measured  against  the  following  desirable 
features: 

•  A  store  of  value 

-  heavy  cash  is  less  convenient  than  a  plastic  card 

-  for  computer  users,  a  card  may  be  less  convenient  than  storing  data 
on  the  computer  disk 

•  Wide  acceptance 

-  national  currencies  are  becoming  obsolete  as  credit  cards  become 
globally  accepted 

•  Low  cost,  easy  user  interface 

-  automatic  teller  machines  prove  too  difficult  for  some  users,  like  the 
elderly  and  the  blind 

•  Automatic  data  capture  and  aggregation 

-  some  users  want  anonymity 

-  some  countries  like  the  U.S.  make  extensive  use  of  credit  card  data;  in 
other  countries,  this  is  illegal 

•  Ensure  that  the  transaction  is  satisfactory 

-  both  user  and  merchant  must  be  satisfied  each  is  genuine 

-  users  must  have  the  funds,  merchants  must  be  able  to  deliver  the 
goods 

-  beyond  individual  transactions,  currencies  must  be  backed  up  by 
assets,  banks  need  reserves,  new  payment  schemes  must  be  solvent 

•  Insurance  against  loss  or  theft 

-  some  forms  of  payment  like  travelers  checks  can  be  replaced;  others 
cannot  be;  some  have  limits 

-  besides  insuring  the  payment  vehicle,  a  card  issuer  may  choose  to 
provide  some  insurance  against  bad  purchases  or  unsatisfactory 
transactions 
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•  Line  of  credit 

-  prices  of  obtaining  a  line  of  credit  may  vary  under  different  schemes 

•  On-demand  convertibility  to  other  payment  systems 

-  credit  card  issuers  may  offer  cash  withdrawal  at  ATMs  for  a  fee 

-  exchanging  cash  may  be  harder  than  using  a  credit  card  in  a  foreign 
land 

-  the  Internet  potentially  threatens  national  currencies  and  economies 
as  global  buyers  and  sellers  emerge 

•  Privacy 

-  some  transactions  are  totally  anonymous,  like  cash  and  some  forms  of 
digital  cash 

•  Settlement  and  clearing  time 

-  the  purchaser  likes  to  use  the  float 

-  merchants  like  to  be  paid  fast 

No  single  payment  method  offers  all  the  above  features.  Trade-offs  have  to  be 
made.  Buyers  and  sellers  may  have  incompatible  requirements,  for  example 
regarding  ideal  settlement  and  clearing  time. 

Exhibit  IV- 9  provides  a  comparison  of  how  emerging  payment  methods 
compare  with  the  features  listed  above.  The  exhibit  columns  are  split  across 
several  pages  and  the  first  column  of  each  table  on  each  page  is  the  same. 
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Exhibit  IV-9 


Feature  Comparison  of  Payment  Methodologies 


Feature 

CyberCash  Coin 

DigiCash  -  ECash 

First  Virtual 

Stored  value 

No,  instruction  to  pay 

Yes 

No,  instruction  to  pay 

Wide  acceptance 

Yes,  likely  leverage  through 
partners 

No,  both  parties  currently  must  use  the 
same  bank.  Cannot  be  passed  on  to  third 
parties.  ECash  can  only  be  used  for  one 
transaction. 

No,  Internet  only 

Ease  of  use 

Yes,  wallet  simplifies  buying 

Fair,  user  has  to  keep  track  of  transactions 
and  prepay  for  ECash  from  a  bank 

Poor 

Data  capture 

Yes,  wallet  log  and  CyberCash 

No,  software  has  a  local  log,  but  user  is 
responsible  for  aggregating  and 
safekeeping  of  the  log 

Yes,  credit  card 
statement 

Satisfactory 
transactions 

Unclear;  for  low-value  items  it 
may  not  matter 

No,  as  with  real  cash 

Yes  for  buyer,  no  for 
seller 

Insured  against 
loss 

Yes,  CyberCash  keeps  log 

No,  unless  user  backs  up  disk.  One  can 
get  a  refund  if  the  seed  number  for  coin 
serial  numbers  is  presented  to  the  bank. 

Credit  card  risk  $50 

Line  of  credit 

No,  coin  is  prepaid 

No 

Yes,  25-30  days  to 
pay 

Convertible  to 
other  systems 

Coin  can  go  into  checking 
account 

Yes,  for  a  fee  it  can  be  deposited  into  a 
checking  account 

No 

Privacy 

Merchant  does  not  know  buyer, 
but  CyberCash  does 

Yes  for  consumer,  no  for  merchant.  Payor 
can  prove  who  was  paid.  Received  ECash 
has  to  be  deposited  into  a  bank. 

No,  FV  knows  details 

Quick  clearing 

Fair,  next  banking  day  for 
consumer,  possibly  for 
merchants,  more  likely  2-3  days 
for  merchants 

Yes,  it  is  prepaid.  Merchant  gets  paid  at 
time  of  deposit. 

No,  seller  may  wait  30 
days 

Source:  INPUT 


EEA6 


©  1997  by  INPUT.  Reproduction  Prohibited. 


69 


ELECTRONIC  PAYMENT  METHODOLOGIES 


INPUT 


Exhibit  IV-9  cont. 


Feature  Comparison  of  Payment  Methodologies  (cont.) 


Feature 

FSTC  E-Check 

Mondex 

Stored  value 

No,  instruction  to  pay 

Yes 

Wide  acceptance 

No,  requires  banking  network,  POS  investments 
and  consumer  card  readers  or  wallets 

Potentially  it  could  be  used  for  peer-to-peer 
payments 

Likely,  but  not  yet 

Today  both  parties  must  use  the  same  bank,  but  in 
the  future  it  will  become  global,  supporting  five 
currencies  in  one  card 

Can  be  passed  to  third  parties 

Ease  of  use 

If  card  issuing  is  easy,  then  as  simple  to  use  as  a 
credit/debit  card 

Processors  could  reduce  paper  handling  costs 
significantly 

Wide  range  of  devices  supported  with  appropriate 
modifications  -  ATMs,  smart  phones,  POS  card 
readers,  PC  card  readers 

Data  capture 

Yes,  at  POS  or  in  PC.  Bank  statement  could  show 
full  check  details. 

10  transactions  are  saved  in  the  card,  user  is 
responsible  for  capturing  more  details  from  PC 
software  or  a  wallet  log 

Satisfactory 
transactions 

No,  depends  on  same  criteria  as  paper  check; 
verification  of  funds  is  needed 

No,  this  is  cash  and  depends  on  merchant's  return 
policy 

Insured  against 
loss 

Not  needed,  as  check  can  be  rewritten  and  it  is 
less  subject  to  fraud  than  paper  checks 

No,  the  wallet  enables  users  to  store  higher  value 
amounts  there;  the  card  is  intended  for  small 
amounts 

Line  of  credit 

Depends  on  bank  account 

No 

Convertible  to 
other  systems 

Yes,  can  be  converted  to  cash  at  a  bank 

Yes,  can  be  deposited  into  a  checking  account 

Privacy 

No,  bank  will  have  transaction  record,  rather  than 
just  those  over  $300  as  now 

Some;  can  be  passed  on  to  a  third  party.  Seller 
has  complete  records 

Quick  clearing 

No,  payee  has  to  deposit  before  it  can  clear,  plus  1 
or  2  days  settlement 

Yes,  this  is  cash 

Source:  INPUT 
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Exhibit  IV-9  cont. 


Feature  Comparison  of  Payment  Methodologies  (cont.) 


Feature 

SET  Credit  Card 

SSL 

Visa  Australian  Trial 

Stored  value 

No,  instruction  to  pay 

No,  instruction  to  pay 

Yes 

Wide  acceptance 

Yes,  700  million  Visa  and  MC 
card  holders,  plus  purchasing 
cards  in  corporations 

Fair,  only  on  Internet 

Yes,  large  installed  base  that 
can  be  persuaded  to  upgrade 

Not  for  peer-to-peer 

Ease  of  use 

Yes,  wallet  standards 

Fair,  user  may  tire  of  forms 

Yes,  can  use  at  ATMs  and  POSs 

Data  capture 

Yes,  wallet  log  and  credit  card 
statement 

Yes,  user  captures  data 

All  transactions  captured  and 
aggregated  at  point  of  purchase 

Satisfactory 
transactions 

Merchant  is  guaranteed  funds  if 
signed,  authorized  transaction; 
consumer  is  backed  by  credit 
card  company 

Yes  for  buyer,  no  for  seller 

No,  this  is  cash,  depends  on 
merchant  return  policy. 

Insured  against 
loss 

Yes,  like  credit  card  $50  max  risk 

Credit  card  risk  $50 

Yes,  like  travelers  checks 

Line  of  credit 

Yes,  25-30  days  like  credit  card 

Yes,  25-30  days  like  credit  card 

No 

Convertible  to 
other  systems 

No,  except  for  high-fee  cash 
advance.  Convertible  worldwide 
into  other  currencies. 

No 

Yes,  can  be  deposited  into  a 
checking  account 

Privacy 

No,  merchant  and  transaction 
processor  have  information  on 
buying  patterns 

No,  merchant  sees  details 

No 

Quick  clearing 

Fair,  merchant  paid  in  2-3  days 

Fair,  merchant  paid  in  2-3  days 

Yes,  this  is  cash 

Source:  INPUT 
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User  Awareness 


What  Users  Want  from  a  Payment  System 


1.        What  Do  Businesses  Prefer  in  a  Payment  System? 

In  early  Mondex  cash  card  trials,  merchants  in  Swindon  (U.K.)  enjoyed  using 
the  system  because  handling  electronic  data  cost  less  than  handling  cash  or 
checks.  Merchants  also  like  to  get  paid  fast.  Giving  a  merchant  instant  credit 
is  an  advantage  over  other,  slower  payment  methods. 

Digital  signatures  and  other  security  features  are  attractive  to  merchants 
who  are  victims  of  bounced  checks,  false  signatures,  and  fake  currency. 

Exhibit  V-l  indicates  what  businesses  prefer  in  a  payment  system. 


Exhibit  V-1 


Business  Reasons  for  Preferring  a  Payment  System 


Lower  Costs 


Timing 


Lower  Risks 


 — — —  — 
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64% 


More  Data  1% 
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2.        What  Business  Thinks  Consumers  Want 

INPUT'S  market  survey,  conducted  in  the  U.  S,  requested  businesses  to 
identify  what  they  believed  consumers  wanted.  The  results  are  shown  in 
Exhibit  V-2. 

Safety  and  foolproof  operation  are  uppermost.  This  is  why  banks  are  very 
cautious  about  exposing  their  risk  by  putting  too  much  cash  into  a  cash  card. 
Any  adverse  publicity-about  hackers,  security  breaches,  or  unreliable 
systems-causes  loss  of  consumer  confidence  in  the  banking  system. 

Convenience  is  the  next  requirement,  hence  the  preference  for  convenient 
credit  card-sized  smart  cards  by  banks. 

Businesses  think  that  consumers  are  less  interested  in  privacy  and 
accountability.  This  survey  was  done  in  the  U.S.,  where  privacy  is  less  of  a 
concern  than  in  Europe. 
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3.        Which  Payment  Systems  Will  Businesses  Prefer? 

Exhibit  V-3  shows  use  and  planned  use  of  different  payment  systems  by 
businesses. 

As  mentioned  earlier,  90%  of  businesses  plan  to  use  purchasing  cards.  This  is 
the  most  widespread  payment  option  in  terms  of  percentage  of  businesses 
penetrated. 
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Financial  EDI  (FEDI)  is  used  by  84%  of  companies  and  a  somewhat  lower 
percentage  either  use  or  plan  to  use  EDI  over  the  Internet. 

It  is  not  surprising  that  only  50%  of  businesses  plan  to  use  smart  cards,  as 
they  are  most  likely  to  be  used  by  retailers,  banks,  and  consumers  initially. 

SET,  for  sending  credit  card  payment  over  networks,  is  only  planned  by  40% 
of  businesses,  but  this  is  likely  to  increase  as  products  that  use  the  standard 
become  available. 

Electronic  checks  were  not  seen  as  useful,  for  only  30%  of  businesses  used  or 
planned  to  use  them.  Many  businesses  expressed  a  preference  for  paper 
checks  because  the  latter  support  their  business  processes  and  provide  a 
permanent  transaction  record  when  they  are  returned. 


Exhibit  V-3 

Planned  and  Current  Use  of  Payment  Methods 
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4.        Desirable  Consumer  Services 

Businesses  were  asked  to  point  out  which  what  services  they  thought 
consumers  would  use.  Bill  presentment  to  deposit  money  in  a  bank  was  seen 
as  less  desirable  for  consumers.  Electronic  checks  did  not  rank  highly,  with 
only  8%  of  businesses  thinking  that  consumers  would  find  E-Checks 
desirable. 

Exhibit  V-4  shows  that  account  balancing  and  billing  inquiries  were  the  most 
useful. 


Desirable  Consumer  Services  from  a  Business  Perspective 
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5.        How  Will  New  Purchasing  Methods  Affect  Payment  Timing? 

Exhibit  V-5  shows  how  businesses  think  electronic  payment  methods  will 
affect  the  timing  of  payments.  Most  think  they  will  get  paid  faster,  which  is 
true  with  some  of  the  electronic  cash  schemes  compared  with  credit  card 
payments. 

Almost  half  (44%)  think  they  will  be  able  to  pay  their  bills  faster.  Some  think 
payment  will  be  slower.  Some  think  that  using  credit  cards  instead  of  checks 
will  give  them  more  time  to  pay. 
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Exhibit  V-5 


How  New  Purchasing  Methods  Will  Affect  Payment  Timing 
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Purchasing  Cards 


1.        Are  Purchasing  Cards  Prevalent? 

Although  purchasing  cards  were  introduced  only  four  years  ago,  Visa  and 
MasterCard  estimate  that  nearly  100%  of  the  Fortune  100  and  60%  of 
businesses  with  over  $100  million  in  revenue  will  have  some  purchasing  card 
(Pcard)  program  in  place  by  year  end  1996. 

Companies  are  adopting  Pcards  to  reduce  the  cost  of  making  a  small 
purchase.  The  typical  purchasing  process  costs  between  $20  and  $80  per 
transaction  in  administrative  resources-often  more  than  the  value  of  the 
goods  being  purchased.  The  process  comprises: 


•  Requisition 

•  Approval 

•  Purchase  Order 

•  Ship  Receipt 
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•  Invoice 

•  Three-Way  Match 

•  Check  Sending 

Credit  card  companies  can  deliver  timely  reports  on  Pcard  purchases,  saving 
users  clerical  work.  Pcards  enable  Internet  commerce  for  businesses.  There 
is  no  need  for  a  buyer  to  set  up  a  purchasing  relationship  or  establish  trade 
credit. 

Credit  cards  are  unsuitable  for  most  primary  commerce  purchases,  where 
long-term  supply  contracts  will  continue  to  predominate.  Pcards  are  likely  to 
be  used  for  purchasing: 

•  Software 

•  PCs  -  when  not  part  of  a  bulk  order 

•  Office  supplies 

•  Copiers  and  related  servicing 

•  Laboratory  components  -  in  small  quantities 

•  Medical  supplies 

•  Miscellaneous  equipment  parts 

•  Books 

•  Information 

It  is  likely  that  Web  sites  selling  to  businesses  will  offer  on-line  payment  by 
credit  card  routinely  in  1997. 

Exhibit  V-6  shows  the  survey  result  that  only  10%  of  businesses  do  not  use 
some  kind  of  credit  or  other  purchasing  card.  This  is  somewhat  higher  than 
the  Visa  and  MasterCard  estimates. 
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Exhibit  V-6 

Percentage  of  Businesses  Using  a  Purchasing  Card 
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90% 


Source:  INPUT 

Exhibit  V-7  shows  how  businesses  rank  perceived  benefits  of  a  purchasing 
card  program. 

Their  main  interest  is  in  reducing  procurement  costs.  Spending  limits  are 
typically  set  per  month  and  per  transaction. 

Larger  volume  businesses  typically  have  no  fee  and  receive  up  to  30  days 
credit. 

Accounting  departments  can  aggregate  the  entire  amount  on  a  card  and  rely 
on  reports  produced  by  the  credit  card  company  for  account  details.  For 
companies  that  want  more  detailed  reporting  (Level  2  or  Level  3  POS  detail), 
electronic  accounting  information  is  available  in  most  cases. 

Purchasing  card  programs  can  improve  employee  morale  by  making  them 
feel  more  in  control  and  in  charge  of  their  own  small  purchases. 

Purchasing  cards  enable  employees  to  participate  in  Internet  commerce  from 
their  workplace.  Purchasing  cards  should  simplify  acceptance  of  Internet 
commerce  in  business. 

Methods  that  support  E-Checks  and  POs  will  lag  behind  SET  credit  card 
payment  systems  by  about  a  year  in  their  deployment  to  most  businesses. 
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2.        Purchasing  Card  Transaction  Amounts 

Exhibit  V-8  shows  the  percentage  of  respondents,  of  those  using  purchasing 
cards,  that  used  their  cards  for  different  amounts  of  purchases  under  $100. 
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Almost  none  (2%)  only  used  them  for  purchases  over  $100.  Most  respondents 
(54%)  had  between  50%  and  75%  of  their  transactions  under  $100. 

Only  4%  had  less  than  25%  of  their  purchasing  card  transactions  under 
$100.  Roughly  one-third  of  the  respondents  had  greater  than  50%  of  their 
transactions  to  purchase  over  $100  amounts. 

Purchase  cards  are  not  just  for  small  transactions,  hence  moves  by  Visa  and 
MasterCard  to  raise  purchasing  limits  on  corporate  cards. 
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3.        Purchasing  Cards  for  Maintenance,  Repair,  and  Office 
Transactions 

Given  that  some  companies  have  well-defined  small  maintenance,  repair, 
and  office  (MRO)  transactions  that  can  be  made  on  purchasing  cards,  INPUT 
sought  to  determine  what  proportion  of  MRO  transactions  are  actually  made 
using  Pcards. 

Exhibit  V-8  shows  this  percentage.  The  majority  (58%)  of  respondents  used 
their  cards  for  20-40%  of  MRO  transactions. 

No  respondent  used  purchasing  cards  for  all  MRO  transactions,  but  18%  said 
they  used  them  for  40-60%  of  MRO  transactions. 

Whereas  office  and  maintenance  expenses  are  paid  for  by  purchasing  cards 
in  some  instances,  other  options  like  purchase  orders  are  likely  to  remain 
open. 
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4.        Purchasing  Card  Use  for  Capital  Expenditures 

Exhibit  V-9  shows  the  percentage  of  respondents  (32%)  that  allowed  the  use 
of  purchasing  cards  for  capital  assets. 

Exhibit  V-9 

Can  Capital  Assets  Be  Purchased  Using  a  Purchasing  Card? 
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Source:  INPUT 

It  is  not  surprising  that  purchasing  cards  are  used  for  purchase  of  capital 
assets,  by  only  one-third  of  organizations,  given  that: 

•  Many  organizations  have  different  budgetary  cycles  and  signing 
authorities  for  capital  expenditures. 

•  Capital  budgets  may  have  to  be  planned  as  much  as  a  year  in  advance. 

•  Purchasing  cards  are  unsuitable  for  capital  expenditures  when  long-term 
contracts  with  suppliers  are  in  place  or  bulk  purchases  of  items  like 
computer  equipment  are  made  by  a  central  organization. 
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5.        Purchasing  Card  Use  by  Size  of  Business 

Exhibit  V-10  shows  the  use  of  purchasing  cards  by  company  size. 


Exhibit  V-10 
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Overall,  90%  of  businesses  use  purchasing  cards.  Almost  all  (99%)  large 
companies,  with  over  $100  million  in  annual  sales,  use  purchasing  cards.  In 
small  businesses  (less  than  $20  million),  the  sample  size  was  small,  but  only 
1%  use  purchasing  cards. 

Individual  credit  card  use  is  more  likely  in  very  small  businesses,  with 
reimbursement  after  the  individual  has  paid. 
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6.        Barriers  to  Using  Purchasing  Cards 

Exhibit  V-ll  shows  the  perceived  barriers  to  using  purchasing  cards. 

Exhibit  V-11 
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The  greatest  concern  is  loss  of  control  over  spending.  In  some  corporations, 
accounting  departments  want  to  account  for  every  penny;  other  cultures  do 
not  foster  micromanagement,  such  as  how  many  laser  toner  cartridges  were 
purchased. 

Calculating  sales  tax  is  a  burden  for  some  accountants  if  items  are  not 
accounted  for  individually. 

If  only  merchant  name  and  totals  are  captured  with  Level  1  reporting,  then 
sales  tax  can  only  be  estimated  and  exempt  items  such  as  services  and  food 
(in  some  states)  may  be  accounted  for  incorrectly. 

With  a  purchasing  card  program,  a  corporation  pays  a  bank,  rather  than 
many  smaller  institutions. 

Whereas  companies  can  delay  payment  to  a  few  small  suppliers,  they  find  it 
hard  to  do  so  with  their  credit  card  issuer.  This  may  cause  cash-strapped 
companies  to  avoid  purchasing  card  use. 

Management  resistance  to  using  purchasing  cards  stems  from  a  sense  of 
losing  control.  Purchase  orders  often  have  budget  numbers  attached  that 


84 


1997  by  INPUT  Reproduction  Prohibited. 


EEA6 


ELECTRONIC  PAYMENT  METHODOLOGIES 


INPUT 


belong  to  individual  departments,  whereas  purchasing  cards  may  not  track 
spending  to  the  departmental  unit. 

Managers  are  also  afraid  of  changing  their  habits.  Many  prefer  that  the 
purchasing  department  take  care  of  buying  items,  rather  than  burdening 
their  own  secretaries  or  themselves  with  the  chore. 

Companies  with  well-designed  on-line  requisition  purchases  that  send  e- 
forms  to  the  purchasing  department  may  be  reluctant  to  supply  purchasing 
cards  to  many  employees. 

Card  limits  are  another  barrier  to  the  use  of  purchasing  cards.  If  multiple 
cards  are  issued  for  an  account,  it  is  sometimes  difficult  to  tell  when  the 
credit  limit  is  reached. 

c  

Use  of  the  Internet  and  World  Wide  Web 

1.        Pros  and  Cons  of  Internet-based  Payments 

Exhibit  V-12  shows  the  benefits  businesses  perceive  of  using  the  Internet  for 
payment,  on  a  scale  of  1  to  5,  1  being  unimportant  and  5  being  very 
important. 

VAN  per-transaction  pricing  schemes  make  the  Internet  appear  attractive 
for  some  businesses  that  use  EDI.  Businesses  without  EDI  expect  that  the 
Web  will  enable  them  to  buy  with  more  choice,  ease,  and  speed  and  at  lower 
administrative  cost. 

If  Internet  checks  had  same-night  clearing  this  could  provide  businesses  with 
an  opportunity  to  provide  a  trade  discount.  Increased  processing  speed  could 
also  help  businesses  pay  faster,  increasing  customer  satisfaction  and 
goodwill. 
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Exhibit  V-12 

Benefits  of  the  Internet  for  Business-to-Business  Payments 
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Exhibit  V-13  shows  that  lack  of  security  and  loss  of  float  are  the  two 
concerns  businesses  mentioned. 

The  survey  results  showed  little  awareness  of  security  schemes,  such  as  the 
SET  protocol  for  credit  card  payment  over  the  Internet,  among  the 
respondents.  There  was  also  little  awareness  of  commerce  transaction 
systems  from  companies  like  Broadvision,  Open  Market,  and  Connect. 
Instead,  fear  of  security  breaches  was  prevalent  among  respondents. 

Businesses  also  indicated  that  they  would  miss  the  float  associated  with 
paper  checks. 
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Barriers  to  Internet  Acceptance  for  Business-to-Business 

Payments 
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Exhibit  V-14  shows  the  benefits  to  businesses  of  the  Internet  for  consumer- 
to-business  payments. 

Over  50%  of  companies  were  planning  to  sell  some  of  their  products  over  the 
WWW  by  mid- 1997.  Even  businesses  selling  expensive  capital  goods  were 
interested  in  using  the  Web  to  sell  replacement  parts,  upgrades,  and 
supplies. 

The  lowest  interest  in  Internet  commerce  was  found  in  the  wholesale  grocery 
industry,  a  segment  threatened  by  improved  distribution.  This  industry  has 
already  invested  in  inventory  replenishment,  electronic  links  to  customers, 
and  automatic  handling  systems,  and  does  not  see  additional  advantages  to 
be  gained  from  the  Internet. 

Increasing  sales  is  the  main  reason  that  businesses  are  interested  in  the 
Web. 

Improving  cash  flow  by  reducing  order  processing  time  is  attractive.  The 
Internet  promises  to  change  the  "net  30  day"  payment  terms  to  "ship  within 
48  hours  after  credit  card  verification."  The  faster  settlement  time  for  credit 
card  payments  makes  it  worth  the  2%  merchants  have  to  pay,  in  many  cases. 

Non-EDI  users  were  particularly  interested  in  the  Internet  for  reducing 
paper  processing  and  phone  order  taking  costs. 

Integrating  accounting  systems  with  Web  sites  was  of  considerable  interest. 
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Exhibit  V-14 


Benefits  of  the  Internet  for  Consumer-to-Business  Payments 
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The  survey  results  shown  in  Exhibit  V-15  indicate  why  merchants  are 
reluctant  to  accept  Internet-based  payments. 

Security  is  once  again  uppermost.  System  costs  and  lack  of  standards  were 
also  concerns. 

When  INPUT  probed  merchants  who  were  the  most  Internet  savvy,  they 
believed  that  payment  systems  that  relied  on  software,  rather  than 
hardware  like  wallets  and  Mondex  cards,  cost  less  to  implement. 

Merchants,  unlike  some  banks,  were  prepared  to  accept  the  greater  security 
risks  of  a  software  system.  Credit  card  transactions  with  SET  were  felt  to  be 
secure  enough. 

For  all  the  payment  systems,  lack  of  standards  was  a  concern. 

For  check  truncation,  large  billers  are  waiting  to  see  if  FSTC,  NACHA, 
ECCO  or  the  Federal  Reserve  will  set  the  standards,  as  they  all  have 
different  ways  to  capture  and  process  check  images  at  the  point  of  payment. 

Large  billers  have  made  considerable  investments  in  check  processing 
systems,  some  with  imaging,  and  have  achieved  low  processing  costs.  They 
believe  moving  to  a  new  E-Check  system  may  increase  processing  costs 
initially,  so  paper  checks  will  likely  remain  in  use  for  some  time. 
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Exhibit  V-15 

Barriers  to  Internet  Acceptance  for  Consumer-to-Business 

Payments 
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2.        Use  of  the  World  Wide  Web 

Exhibit  V-16  shows  how  many  companies  plan  to  use  the  WWW  to  purchase 
from  business  catalogs  in  the  next  year. 

The  majority  (58%)  do  not  plan  to  use  Web  catalogs.  There  is  an  increase  in 
Web  catalog  use  from  INPUT'S  1995  study  on  electronic  catalogs  and  malls, 
when  very  few  purchasing  managers  even  used  the  Internet. 


Exhibit  V-16 

Percentage  of  Respondents  Using  WWW  Catalogs 
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3. 


How  Will  Users  Purchase  on  the  Web? 


Exhibit  V-17 


Exhibit  V-17  shows  the  reasons  for  respondents  preferring  a  purchase  order 
to  the  use  of  a  purchasing  card  when  making  a  Web-based  purchase. 

The  majority  of  respondents  (90%)  plan  to  continue  using  purchase  orders  to 
complete  the  transaction.  This  will  change  over  time  as  electronic  payment 
methods  advance.  However,  it  shows  many  businesses  do  not  trust  or  cannot 
use  purchasing  cards  to  pay  for  goods  and  services  from  Web  catalogs.  These 
survey  results  indicate  that: 

•  Vendors  do  not  accept  credit  card  payment 

•  The  amounts  are  too  high 

•  Corporate  policies  may  prevent  purchasing  card  use 

Purchasing  card  use  is  expected  to  be  much  higher  in  the  U.S.  than  in 
Europe  because  of  more  widespread  acceptance  of  credit  cards. 

POs  Preferred  to  Purchasing  Cards  for  Web  Purchases 
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Lower  Costs 


Timing 


Lower  Risks 


96% 


82% 


I  64% 
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4.       Will  EDI  Systems  Be  Affected  by  the  Internet? 

Exhibit  V-18  shows  that  40%  of  respondents  expect  their  EDI  systems  to 
change  because  of  the  Internet.  This  is  good  for  vendors  like  Premenos  that 
supply  Internet-based  EDI  systems. 

All  the  traditional  EDI  service  vendors  are  embracing  the  Internet,  so  they 
should  be  able  to  sell  new  services  to  a  high  proportion  of  their  customers. 
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It  will  be  a  challenge  for  them  not  to  lose  customers  to  payment  processors, 
Internet-savvy  banks,  or  Internet  Web  hosting  providers  that  offer  merchant 
services. 


Exhibit  V-18 

Will  EDI  Change  Because  of  the  Internet? 


Yes,  EDI  Will 
Change 
40% 


Not  Change 
60% 


Source:  INPUT 

5.        Use  of  Credit  Cards  for  WWW  Purchases 

Exhibit  V-19  shows  what  businesses  expect  to  buy  with  a  credit  card  using 
the  WWW. 

The  highest  percentage  (88%)  intend  to  buy  software.  This  is  consistent  with 
the  Internet  Shopping  Network's  view  that  software  is  one  of  the  most 
popular  items  it  sells  from  its  Web  site. 

PC  peripherals  also  appeal  to  technically  savvy  buyers. 

Fewer  respondents  (42%)  would  buy  office  equipment  over  the  Web.  This 
may  be  because  there  is  no  established  Web  supplier  yet,  although  many 
companies,  including  OfficeMax,  are  already  selling  over  the  Internet. 

Only  40%  want  to  buy  information  over  the  Web.  This  is  somewhat  low,  but 
many  businesses  run  on  internal  rather  than  externally  available 
information. 
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Exhibit  V-19 


What  Will  Businesses  Buy  from  the  WWW  With  a  Credit  Card? 
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Source:  INPUT 

6.        Use  of  Purchase  Orders  for  WWW  Purchases 

Exhibit  V-20  shows  which  products  and  services  are  most  likely  to  be 
purchased  using  a  traditional  purchase  order  (PO). 

As  mentioned  earlier,  equipment  and  industrial  supplies  are  likely  to  be  on 
POs. 


Far  fewer  businesses,  5%,  would  purchase  information  using  a  PO,  compared 
with  40%  that  would  use  a  credit  card. 
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Exhibit  V-20 


What  Will  Businesses  Buy  from  the  WWW  With  a  Purchase  Order? 
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D  

Electronic  Checks  and  On-line  Coins 

1.        Who  Are  E-Checks  Good  For? 

Exhibit  V-21  shows  what  business  thinks  electronic  checks  will  be  used  for. 
The  overwhelming  majority  (75%)  think  their  greatest  use  will  be  for 
consumers  to  pay  businesses. 

Businesses  like  paper  checks  and  do  not  see  themselves  converting  to  E- 
Checks  very  quickly. 

Few  (15%)  think  that  consumers  will  use  E-Checks  to  pay  each  other. 
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Exhibit  V-21 

How  Are  E-Checks  Used? 


Business  To 
Anybody  Consumer  To 

1 0%  Consumer 

15% 


Business 
75% 


Source:  INPUT 

2.        Competition  for  Electronic  Checks 

Electronic  checks  are  advantageous  mainly  to  the  check  processing 
community;  businesses  have  much  less  interest  in  them.  Exhibit  V-22  shows 
the  processes  businesses  think  will  compete  with  electronic  checks. 

Most  businesses  (92%)  think  that  bill  payment  services  like  the  Quicken 
Financial  Network  from  Intuit,  IBM's  Integrion,  and  CheckFree-not  to 
mention  services  by  established  EDI  and  payment  processing  vendors-will 
compete  with  E-Checks. 

These  systems  already  integrate  with  a  company's  accounting  system  and 
even  if  the  check  is  not  entirely  electronic,  because  unsigned  bank  drafts  are 
generated  in  the  process,  the  interface  to  the  user  is  familiar  and  simple. 

The  electronic  check  vendors  need  to  focus  on  making  the  back  end  of  these 
systems  fully  digital. 

Paper  checks  are  still  of  interest  and  32%  of  businesses  think  that 
conventional  paper  checks  that  are  not  sent  back  to  the  payor  (i.e.,  their 
processing  is  truncated)  will  be  the  main  competitor. 
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In  some  businesses,  ATM  and  POS  equipment  will  be  used  as  it  is  now  for 
depositing  checks  and  making  payments,  as  well  as  receiving  money. 


What  Will  Compete  With  Electronic  Checks? 


Bill  Payment 
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3.        Obstacles  to  Adopting  Electronic  Checks 

The  most  promising  function  for  E-Checks  is  for  consumers  to  pay 
businesses.  However,  even  this  segment  does  not  appear  to  be  very 
promising,  as  Exhibit  V-23  indicates. 


Why  Businesses  Are  Reluctant  To  Support  Electronic  Checks 
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Businesses  believe  that  consumers  are  unlikely  to  use  E-Checks  to  pay 
businesses.  Most  (90%)  believe  that  costs  will  be  higher  and  72%  see  the 
investment  they  would  have  to  make  as  a  barrier. 

Lack  of  standards  is  an  issue  and  56%  of  businesses  believe  there  are 
competing  schemes  that  will  win  out. 

There  is  considerable  uncertainty  about  E-Checks  at  this  time. 
4.        On-line  Coin  Outlook 

Exhibit  V-24  shows  the  percentage  of  businesses  that  expect  to  support  on- 
line coins  or  ECash  in  the  next  two  years. 

Exhibit  V-24 

Percentage  Supporting  On-line  Coins  Within  Two  Years 


Yes,  Will 
Support  Online 
Coins 
8% 


No,  Will  Not 
Support  Online 
Coins 
92% 


Source:  INPUT 

E  

Cash  Cards 

1.        Market  Timing 

Exhibit  V-25  shows  when  businesses  expect  the  use  of  cash  cards  like  Visa 
Cash  and  Mondex  to  impact  their  organization. 

Only  6%  think  they  will  affect  their  operations  in  less  than  two  years. 
However,  in  two  to  three  years-that  is,  in  the  1998-1999  timeframe,  a  further 
22%  think  they  will  have  an  impact. 
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The  remaining  72%  see  cash  card  impact  as  further  in  the  future. 

In  Europe  and  Asia,  cash  card  use  is  more  prevalent  than  in  the  U.S.,  where 
niche  markets  are  expected  to  accept  the  cards  first.  Some  of  the  early  users 
are  telephone  companies,  restaurants,  and  retailers  in  towns  picked  for  a 
trial  by  a  major  vendor. 


Exhibit  V-25 

Impact  of  Cash  Cards 


<2Years 


Source:  INPUT 

2.        Disposable  versus  Reloadable  Cash  Cards 

Cash  cards  can  either  be  disposable  or  reloadable.  Exhibit  V-26  shows  what 
the  banks  and  businesses  felt  that  the  maximum  amount  should  be  on 
disposable  cash  cards. 

Most  (58%)  felt  they  should  not  hold  more  than  $25,  but  greater  than  $10.  A 
more  conservative  14%  felt  they  should  hold  no  more  than  $10.  Sixteen 
percent  felt  the  limit  should  go  up  to  $100. 

In  the  Mondex  system,  very  little  is  expected  to  be  carried  on  the  card,  with 
amounts  of  maybe  enough  for  lunch,  a  newspaper,  and  a  cappuccino. 

More  electronic  cash  will  be  stored  in  a  wallet  or  PC,  maybe  as  much  as 
$500. 

Much  depends  on  the  card's  use;  a  restaurant  patron  may  want  to  have  more 
on  the  card  than  a  school  child  making  local  phone  calls  worth  25  cents. 
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Exhibit  V-26 


How  Much  Should  a  Cash  Card  Store? 
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Cash  cards  may  be  refilled  from  a  credit  card  over  the  phone  or  they  may  be 
placed  in  an  ATM  that  is  capable  of  reloading  a  card  from  a  bank  account. 

Exhibit  V-27  shows  desirable  features  of  reloadable  cash  cards. 

The  biggest  feature  is  accountability.  Merchants  want  to  be  able  to  add  up 
their  receipts  quickly  and  if  they  issue  cards,  track  how  they  are  being 
requested.  Merchants  want  guarantees  against  bad  debts  and  stolen  cards. 

Simple  memory-based  cards  are  easy  to  counterfeit.  Those  with  processors 
are  harder.  France  reduced  fraud  by  70%  when  it  changed  from  simple  cards 
to  those  with  an  embedded  processor. 

For  merchants,  off-line  systems  tend  to  cost  less,  don't  take  time  at  the  POS 
terminal,  and  can  provide  them  with  simpler  network  administration. 
Against  that,  on-line  systems  can  provide  instant  verification  of  funds  and 
may  uncover  fraud  faster  than  off-line  systems. 


Both  on-line  and  off-line  systems  are  desirable,  with  a  slight  preference 
shown  for  off-line  systems.  Cash  cards  that  are  multipurpose  make 
administration  easier  for  the  user.  Merchants  can  read  them  through  one 
POS  terminal.  Privacy,  to  some  extent  a  feature  of  cash  cards  depending  on 
the  exact  implementation,  is  seen  as  much  less  desirable  than  other  features 
by  businesses.  A  higher  percentage  of  consumers  would  rate  privacy  highly. 
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Desirable  Features  of  Reloadable  Cash  Cards 
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Source:  INPUT 

Exhibit  V-28  shows  business  perceptions  of  obstacles  to  the  adoption  of 
reloadable  cash  cards.  The  biggest  obstacle,  particularly  in  the  U.S.,  is  the 
prevalence  of  credit  and  debit  cards.  There  are  also  many  brands  of  cash 
cards,  whereas  the  credit  card  market  has  only  a  few  major  players. 

With  products  like  Visa  Cash,  even  the  cash  cards  may  be  controlled  by  a  few 
large  players.  Only  24%  thought  merchant  acceptance  was  a  barrier  to  using 
reloadable  cash  cards. 

In  general,  based  on  trials,  it  appears  that  merchants  like  handling  cash 
cards  because  they  save  the  time  it  takes  to  give  a  customer  change  and  add 
up  till  receipts. 
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Exhibit  V-28 


Obstacles  to  Adoption  of  Reloadable  Cash  Cards 
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Exhibit  V-29  shows  merchants'  ranking  of  perceived  benefits  of  using  cash 
cards.  Merchants  believe  the  time  saved  in  counting  and  transporting  cash  is 
the  most  important  benefit. 

Food  handlers  like  cafes  and  restaurants  believe  that  using  cash  cards  is 
more  sanitary. 

Some  believe  that  cash  cards  reduce  the  time  purchasers  spend  at  the  till; 
others  believe  it  increases  it. 

Reduction  of  fraud  is  another  benefit. 


100 


©  1997  by  INPUT.  Reproduction  Prohibited. 


EEA6 


ELECTRONIC  PAYMENT  METHODOLOGIES 


INPUT 


Exhibit  V-29 

Perceived  Benefit  Ranking  of  Cash  Cards 
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Exhibit  V-30  shows  a  ranking  of  business  perceptions  of  the  obstacles  to  the 
adoption  of  cash  cards. 

Cost  of  equipment,  in  particular  point-of-sale  systems  and  card  readers,  is 
seen  as  the  greatest  barrier  to  implementation.  For  merchants  to  capitalize 
on  smart  cards,  widespread  acceptance  is  needed  to  amortize  the  cost  of 
equipment  across  many  purchasers. 

Pilot  schemes  that  flood  a  town  with  smart  cards  are  likely  to  be  a  useful 
marketing  strategy  for  any  company  wanting  to  enter  a  market. 

Another  barrier  is  the  changes  that  consumers  will  have  to  make,  which  may 
prove  costly.  Mondex  assumes,  for  example,  that  the  consumer  will  buy  the 
accessories  needed  to  check  the  card  balance  and  lock  and  unlock  it.  Debit 
cards  are  perceived  as  free,  because  they  use  existing  systems. 

Given  the  plethora  of  schemes  for  stored  value  cards,  merchants  are  still 
dubious  about  standards.  Initially,  merchants  may  have  to  absorb  the  up- 
front cost  of  installing  smart  card  systems  in  anticipation  of  future  cost 
savings.  This  also  presents  an  opportunity  for  banks  and  others  to  lease 
systems  and  equipment  on  favorable  terms. 
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Exhibit  V-30 


Ranking  of  Obstacles  to  Adoption  of  Cash  Cards 
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Issues 


This  chapter  compares  issues  regarding  emerging  payment  systems  for 
payment  system  providers,  merchants,  and  payors. 

A  

Issues  for  Payment  System  Providers 

Payment  system  providers  may  be  network  service  operators,  payment 
processors,  or  vendors.  Exhibit  VI- 1  compares  emerging  payment  systems 
from  the  provider  perspective. 


Exhibit  VI-1 

Comparison  of  Payment  System  Issues  for  Payment  System  Providers 
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Payment  providers  need  to  understand  the  role  they  undertake  in  providing 
service: 

•  To  what  extent  should  they  become  Internet  service  providers? 

•  What  types  of  services  should  they  provide? 

Another  concern  for  banks  is  how  they  back  up  and  keep  reserves  for  their 
electronic  cash. 
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When  a  bank  issues  electronic  money  it  comes  out  of  a  checking  account,  for 
which  legal  reserve  requirements  are  in  place.  The  bank  needs  to  be  subject 
to  the  same  reserve  requirements  for  electronic  money  in  circulation  issued 
from  its  accounts. 

Regulations  still  need  to  be  established  for  digital  payment  schemes. 

B  

Issues  for  Merchants 

Exhibit  VI-2  shows  how  emerging  payment  systems  compare,  regarding 
issues  raised  earlier  in  the  report. 


Exhibit  VI-2 

Comparison  of  Payment  System  Issues  for  Merchants 
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Merchants  have  many  systems  issues: 

•  Should  they  outsource  or  manage  their  own  Web  site? 

•  Should  they  rely  on  a  bank  or  service  provider  to  do  their  Internet 
payment  processing?  They  may  already  have  a  relationship  with  a  bank, 
but  an  Internet  service  provider  may  be  offering  service  today  and  the 
bank  may  not  be  ready.  Also,  a  service  company  like  First  Data  may  offer 
more  attractive  services  than  a  bank. 

•  What  software  and  hardware  do  they  need  to  buy  and  what  can  be  used 
on  a  timesharing  system? 

•  How  should  they  staff  their  technical  support  requirements-with 
technical  experts  or  support  experts,  like  clerks  and  retailers? 
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c  

Issues  for  Purchasers 

Exhibit  VI-3  compares  the  issues  of  emerging  payment  systems  as  they  affect 
purchasers. 


Exhibit  VI-3 

Comparison  of  Payment  System  Issues 
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In  addition  to  the  above  issues,  consumers  are  interested  in  their  rights  to 
privacy.  They  want  to  know  when  and  where  information  will  be  disclosed. 
They  also  want  protection  against  loss  or  theft. 

Any  payment  system  issuer  must  be  prepared  to  arrange  for  high-level 
support  to  report  stolen  cards,  reissue  payment  instruments  if  that  is  part  of 
the  scheme,  and  answer  customer  questions. 


Legal  and  Regulatory  Issues 

1.        Current  Regulators  and  Regulations 

In  the  U.S.,  banking  authorities,  taxation  authorities  and  law  enforcement 
organizations  are  involved  in  the  regulation  of  electronic  payment  systems. 
Exhibit  VI-4  compares  their  concerns. 
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Exhibit  VI-4 

Concerns  of  Regulators 
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detection  of  tax  evasion, 
money  laundering 

•  Citizen  protection,  organized 
crime  drua  DPddlinn 
terrorism,  privacy  vs. 
surveillance 

•  Bank  protection, 
counterfeiting 

•  Taxation  system  protection, 
money  laundering,  income 
and  sales  tax  evasion 

Source:  INPUT 


All  of  the  organizations  listed  above  had  been  dealing  with  regulating 
electronic  networks  for  funds  transfer  long  before  the  Internet  became 
popular. 

In  the  U.S.,  agencies  concerned  with  regulation  include  the  Department  of 
the  Treasury's  FinCEN  (Financial  Crimes  Enforcement  Network),  the  NSA 
(National  Security  Agency),  the  FBI  (especially  the  U.S.  Caribbean  Task 
Force),  the  CIA,  the  U.S.  Department  of  Justice  (Asset  Forfeiture  and  Money 
Laundering  Section,  Anti-Drug  Profiteering  Unit),  and  assorted  state-level 
Gaming  Control  and  Taxation  departments. 

Internationally,  the  Financial  Action  Task  Force  (FATF),  an  entity  set  up  by 
the  G7,  exists  to  combat  money  laundering. 

It  is  worth  bearing  in  mind,  amid  press  scares,  that: 

•  All  ATMs  have  daily  limits. 

•  Most  emerging  electronic  payment  systems  are  accountable,  with  central 
data  repositories  that  provide  inexpensive  access  for  authorities. 

•  All  systems,  except  disposable  cards,  require  a  bank  account,  which 
cannot  be  opened  anonymously  in  most  places,  hence  cash  flows  can  be 
monitored. 

•  Anonymous  disposable  cards  are  not  any  more  portable  than  paper 
currency.  Reloadable  cards  are  not  anonymous  and  they  are  assigned  to 
individual  bank  accounts. 

•  If  one  spends  $10,000  of  DigiCash  ECash  it  will  be  apparent  to  the 
issuing  bank,  as  it  can  only  be  used  once.  The  government  may  not  be 
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able  to  find  where  it  was  sent,  but  it  can  certainly  investigate  in 
traditional  ways. 

•  The  U.S.  1988  Money  Laundering  Act  requires  all  banks,  financial  firms, 
and  merchants  to  report  transactions  above  $10,000  and  all  purchases  of 
financial  instruments  above  $3,000. 

•  The  Bank  Secrecy  Act  requires  banking  institutions  to  keep  records  of  all 
transactions  over  $100  for  at  least  five  years  and  to  keep  an  image,  such 
as  a  digital  check  image  or  microfilm  check  picture. 

•  The  U.S.  Financial  Privacy  Act  prevents  banks  from  giving  or  selling 
these  records  to  other  commercial  organizations. 

•  The  potential  for  automated  surveillance  of  the  Internet  could 
significantly  intrude  on  the  privacy  of  users. 

•  The  Mondex  merchant  system  keeps  detailed  transaction  records  that 
would  make  sales  tax  evasion  difficult. 

•  Over  the  next  five  years,  regulations  that  enable  law  enforcement  to 
snoop  on  electronic  transactions  over  the  Internet  are  likely  to  be  defined. 

•  The  Clipper  chip  initiative  met  with  considerable  resistance,  but  the 
government  will  identify  ways  to  monitor  the  Internet  and  users  will 
resist  regulation. 

2.        Regulation  E 

An  excellent  reference  on  the  impact  of  electronic  money  on  the  money 
supply  is  given  in  a  paper  presented  at  the  Conference  on  Digital  Cash  and 
Electronic  Money  organized  by  the  Columbia  Institute  for  Tele-Information, 
at  the  Columbia  Business  School,  April  21,  1995  by  the  New  York  Federal 
Reserve  at: 

http://startide.ctr.columbia.edu/citi/history/emon.html 

Legislation  is  changing  quickly.  In  May  1996,  modifications  were  made  to 
Regulation  E,  the  Electronic  Funds  Transfer  Act  for  stored  value  cards. 

Stored  value  cards  that  are  subject  to  verification  at  the  time  of  purchase 
would  essentially  be  subject  to  the  same  rules  as  credit  cards.  Erroneous 
transactions  would  need  to  be  reported  in  60  days  by  consumers. 

In  addition,  federal  authorities  propose  changing  the  definition  of  "written" 
communications  that  are  signed  on  paper  to  include  electronic  messaging 
that  is  "authenticated  similarly"  (i.e.,  in  practice  "signed  digitally"  or  signed 
with  a  security  code)  by  the  user. 
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The  Federal  Reserve  has  authorized  digital  signing  for  recurrent 
transactions,  such  as  paying  bills.  NACHA,  in  May  1996,  extended  the  bill  to 
cover  nonrecurring  debits  and  credits  using  ACH  networks. 

3.  Digital  Signatures 

California's  AB  1577,  passed  in  October  1995,  regulations  recognized  digital 
signatures  as  valid  signatures  for  electronic  communications,  subject  to 
certain  qualifying  criteria. 

Gradually,  states  and  countries  are  beginning  to  create  legislation  around 
digital  signatures  and  authentication  of  electronic  documents. 

Utah  was  the  first  state  in  the  U.S.  to  set  up  legislation  for  Certificate 
Authorities  and  digital  notaries,  who  can  be  liable  if  they  issue  fraudulent 
certificates.  This  moves  some  of  the  risk  from  banks  and  merchants  to 
certificate  issuers. 

4.  Taxation 

In  November  1996,  the  Clinton  administration  announced  that  it  had  no 
plans  to  impose  new  federal  taxes  on  the  Internet. 

The  Treasury  has  been  studying  the  implications  on  tax  policy  of  electronic 
commerce.  Its  discussion  on  this  subject  can  be  found  on  the  Treasury 
Department's  home  page  at  www.ustreas.gov. 

State  and  local  taxation,  not  to  mention  international  taxes  and  rules  for 
exemption  from  taxes,  become  an  issue  for  electronic  funds.  Various  task 
forces,  including  the  Software  Industry  Coalition,  are  working  on  these 
issues.  Their  initial  paper  can  be  found  at: 

http://www.softwareIndustrv.org/issues/docs-htm/usetaxwp.html 

Ideally,  states  and  cities  would  create  a  settlement  process,  like  that  in 
banking  and  telecommunications,  to  solve  check  clearing  and  phone  bill 
payment,  respectively.  Authorities  could  tax  the  sale  of  goods  based  on  the 
ZIP  code  of  the  recipient. 

Given  government  spending  restrictions  this  is  unlikely  to  happen.  Instead 
the  current  system  will  prevail,  where  mail  order  companies  charge 
according  to  the  laws  of  specific  states;  this  often  requires  only  recipients  in  a 
few  states  pay  taxes. 

In  fact,  the  law  requires  purchasers  to  pay  use  tax.  Typically,  this  is  only 
collected  on  cars,  boats,  and  large  items  by  a  few  states. 
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A  major  international  issue  is  tax  evasion.  Entire  communities  have  been 
built  offshore  to  support  this  business  and  the  same  types  of  electronic 
communities  can  expect  to  evolve. 

A  nonpolitical  monetary  system  that  became  popular  would  cause  upheavals 
in  the  financial  system.  There  is  no  law  against  offering  a  digital  currency  at 
present.  However,  technically  it  could  not  be  used  to  pay  a  debt. 

5.        Fraud  and  Money  Laundering 

The  most  vulnerable  payment  schemes  are  those  that  allow  anonymity. 

Fear  of  money  laundering  has  made  suppliers  of  payment  systems  provide 
safeguards,  such  as  knowing  the  merchant  or  encrypted  chips  to  foil  money 
launderers.  The  main  risk  is  transferring  digital  cash  overseas,  where  it  may 
be  undetected. 

Banks  are  increasingly  at  risk  of  harboring  money  launderers.  A  bank  that 
has  a  money  launderer  client  can  be  shut  down  in  the  U.S.  Exceptions  are 
made  when  banks  attempt  to  make  their  systems  legal  and  existing  systems 
are  attacked. 

Electronic  payment  systems  offer  money  launderers  opportunities  to  "cool" 
their  hot  money. 

The  government  is  increasingly  relying  on  banks  to  police  their  own 
customers. 

Service  providers  can  increasingly  expect  to  be  held  responsible  for  activities 
that  involve  financial  transactions.  This  may  be  a  deterrent  to  service 
providers  providing  payment  processing  and  an  incentive  for  banks,  like 
First  Union  in  Florida,  to  manage  the  financial  aspects  of  Web  commerce. 

Banks  are  going  to  qualify  customers  with  more  questions  about  the  nature 
of  their  transactions,  e.g.,  "Do  you  expect  to  make  large  payments?";  "To 
which  overseas  countries  do  you  expect  payments  to  be  made?"-"Yes"  and 
"Colombia"  being  answers  likely  to  alert  suspicion. 

Banks  will  be  likely  to  investigate  payments  to  fiscally  tolerant  countries. 

Asset  forfeiture  and  identification  of  trading  partners  with  strong  money 
laundering  legislation  is  a  major  issue  for  regulators  and  global  financial 
institutions. 
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Money  laundering  is  largely  accomplished  in  one  of  four  ways: 

•  Take  payment  in  cash  or  other  bearer  instruments  and  deposit  in  a  bank 
in  a  country  that  has  bank  secrecy  laws — the  biggest  risk  is  detection  on 
leaving  a  country  like  the  U.S.,  where  travelers  cannot  carry  more  than 
$10,000  in  negotiable  instruments 

•  Buy  a  legitimate  cash  business  and  run  money  through  it,  like  a  dry 
cleaning  service  or  restaurant 

•  Buy  a  bank — international  interbank  transfers  are  a  key  problem  area  (in 
identifying  a  fraudulent  banker,  not  in  the  networks  per  se) 

•  Convert  cash  to  goods 

The  problems  above  are  personnel  problems  more  than  technological 
problems.  Corrupt  banks  and  payment  processors  that  use  the  Internet  will 
be  a  likely  problem  for  authorities. 

Another  type  of  fraud  is  duplicating  the  e-mint  or  creating  false  payment 
instruments.  Software,  paper  bills,  and  coins  have  all  been  counterfeited  and 
there  will  be  opportunities  to  detect  real  from  fake  smart  cards,  digital 
wallets,  and  digital  signatures. 

6.        Unlicensed  On-line  Banks 

Regulators  will  not  tolerate  unlicensed  on-line  banks. 

With  digital  cash  and  other  non-national  currencies,  there  are  opportunities 
to  set  up  virtual  banks.  These  can  increasingly  be  expected  to  be  closed  down 
by  regulators  if  they  do  not  adhere  to  strict  guidelines. 

Nonbank  financial  institutions  are  typically  regulated  by  states  in  the  U.S. 

There  are  cyberspace  equivalents  starting  to  appear  that  may  fall  afoul  of 
state  legislation. 
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Glossary 


This  appendix  provides  definitions  of  terminology  associated  with  the 
Internet  that  is  not  in  INPUT'S  Definition  of  Terms. 


Definitions 


ACH 


Application  protocol 


Asymmetric  cipher 


ATM 


Audit 


Authentication 


(Automated  Clearing  House)  -  An  organization  that 
runs  a  financial  network  and  clears  electronic  funds 
transfers. 

A  protocol  that  connects  an  application  across  a 
network,  usually  above  the  transport  layer  (e.g., 
TCP/IP).  Examples  include  HTTP,  TELNET,  FTP, 
and  SMTP. 

An  encryption  scheme  where  one  side  has  the  key 
and  the  other  does  not  as  in  private  key 
cryptography. 

(Automatic  Teller  Machine)  Sometimes  this 
acronym  can  mean  a  switched  network  type,  as  in 
Asynchronous  Transfer  Mode,  but  that  is  not  the 
usual  meaning  in  this  report. 

The  collection  of  information  about  security  events 
on  a  network.  Auditing  is  used  for  logging  events, 
identifying  network  attacks,  and  ensuring  that 
network  security  is  working  effectively. 

Verification  of  the  claimed  identity  of  a  computer  or 
computer  network  user. 
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Backbone 


Bandwidth 


Bit 


Block  cipher 


A  high-speed  line  or  series  of  connections  that  forms 
a  major  pathway  within  a  network.  The  term  is 
relative,  as  a  backbone  in  a  small  network  may  be 
much  smaller  than  many  nonbackbone  lines  in  a 
large  network. 

How  much  information  can  be  sent  through  a 
connection.  Usually  measured  in  bits  per  second.  A 
full  page  of  English  text  in  a  book  totals  around 
20,000  bits.  A  fast  modem  can  move  about  30,000 
bits  in  one  second  (30Kbps),  rising  to  around 
120,000  bits  per  second  (120Kbps)  depending  on  the 
type  of  information  being  transferred  and  the 
compression  used.  Full-motion,  full-screen  video 
would  require  roughly  10,000,000  bits  per  second 
(10Mbps),  depending  on  compression. 

(Binary  digIT)  -  A  single-digit  number  in  base  2;  in 
other  words,  either  a  one  or  a  zero.  The  smallest 
unit  of  computerized  data.  Bandwidth  is  usually 
measured  in  bits  per  second. 

An  encoding  algorithm  that  operates  on  data  in 
groups  of  bits,  called  blocks;  64  bits  is  a  typical  block 
size. 


Browser 


Bulk  cipher 
Byte 


Certificate 


A  client  program  (software)  that  is  used  to  look  at 
(or  browse)  various  kinds  of  Internet  resources. 
Microsoft  Explorer  and  Netscape  Navigator  are  two 
examples  of  browsers. 

A  symmetric  encryption  algorithm  that  encrypts 
large  data  streams. 

A  set  of  bits  that  represents  a  single  character. 
Usually  there  are  8  or  10  bits  in  a  byte,  depending 
on  the  processor  architecture. 

Part  of  the  CCITT  X.509  protocol  (a.k.a.  ISO 
Authentication  framework)  assigned  by  a  trusted 
Certificate  Authority  that  provides  identification  of 
an  entity,  person,  or  merchant.  It  may  also  supply 
its  public  key. 
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Cyberspace 


Currently  used  to  describe  the  whole  range  of 
information  resources  available  through  computer 
networks  such  as  the  Internet. 


DES  (Data  Encryption  Standard) 

DES  is  a  very  widely  used  symmetric  encryption 
algorithm.  DES  is  a  block  cipher. 

Digital  Signature  Standard  (DSS) 

A  standard  for  digital  signing,  including  the  Digital 
Signing  Algorithm,  approved  by  the  National 
Institute  of  Standards  and  Technology,  defined  in 
NIST  FIPS  PUB  186,  "Digital  Signature  Standard," 
published  May  1994  by  the  U.S.  Dept.  of  Commerce. 


Digital  signatures 


DNS 


Domain  name 


ECash 


E-Checks 


Use  cryptography  to  produce  a  data  string  that  can 
be  authenticated  and  are  difficult  to  forge  or 
repudiate. 


(Domain  Name  Server) — A  means  by  which  numeric 
IP  addresses  (e.g.,  198.93.130.56)  are  converted  into 
character-based  names  (e.g.,  www.input.com)  and 
vice  versa. 

The  unique  name  that  identifies  an  Internet  site. 
Domain  names  always  have  2  or  more  parts, 
separated  by  dots — for  example,  'input.com.'  The 
part  on  the  left  is  more  specific,  and  the  part  on  the 
right  is  general.  A  given  machine  may  have  more 
than  one  domain  name,  but  a  given  domain  name 
points  to  only  one  machine. 

Electronic  cash,  proposed  by  DigiCash  and 
CyberCash. 

Electronic  checks,  proposed  by  FSTC. 


E-mail  (Electronic  mail) 

Messages,  usually  textual,  sent  from  one  person  to 
another  via  computer.  E-mail  can  also  be  sent 
automatically  to  a  large  number  of  addresses  via  a 
mailing  list. 

e-money  Electronic  money  such  as  digital  cash,  ACH 

transactions,  E-Checks. 
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EDI  (Electronic  Data  Interchange) 

Traditional  business-to-business  protocols  and 
formats  for  exchanging  ordering  information 
electronically. 

EFT  Electronic  Funds  Transfer 

Electronic  cash  Encrypted  data  that  represents  cash  and  can  be  sent 

over  networks  to  pay  for  goods  and  services. 

A  method  of  protecting  data  so  that  if  it  is  accessed, 
it  cannot  be  understood  without  the  use  of  a  secret 
encryption  key. 

A  network  standard  for  connecting  computers  in  a 
LAN.  Ethernet  will  handle  about  10Mbps  and  can  be 
used  with  almost  any  kind  of  computer.  Fast 
Ethernet  handles  100Mbps,  in  practice  speeds  are 
lower  than  the  rated  capacity  of  the  network. 

FAQ  (Frequently  Asked  Question) 

FAQs  are  documents  that  list  and  answer  the  most 
common  questions  on  a  particular  subject.  There  are 
thousands  of  FAQs  on  subjects  as  diverse  as  pet 
grooming  and  cryptography.  FAQs  are  usually 
written  by  people  who  have  tired  of  answering  the 
same  question  many  times.  FAQs  are  often 
associated  with  Usenet  newsgroups. 

Fast  Ethernet  The  latest  Ethernet  standard  that  specifies  a  data 

transfer  rate  of  100Mbps,  a  tenfold  increase  over 
traditional  Ethernet  performance. 

FDDI  (Fiber  Distributed  Data  Interface) 

A  standard  for  transmitting  data  on  optical  fiber 
cables  at  a  rate  of  approximately  100Mbps. 

FEDI  (Financial  EDI)  -  The  payment  protocols  and  standards  that  follow  an 

EDI  message  to  order  goods  in  business-to-business 
electronic  commerce. 

FTP  (File  Transfer  Protocol) 

A  very  common  method  of  moving  files  between  two 
Internet  sites.  FTP  is  a  special  way  to  log  in  to 


Encryption 


Ethernet 
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another  Internet  site  for  the  purpose  of  retrieving 
and/or  sending  files. 

Host  Any  computer  on  a  network  that  is  a  repository  for 

services  available  to  other  computers  on  the 
network.  It  is  quite  common  to  have  one  host 
machine  provide  several  services,  such  as  Web  and 
Usenet. 

HTML  (HyperText  Markup  Language) 

The  coding  language  used  create  hypertext 
documents  for  use  on  the  World  Wide  Web. 

HTTP  (HyperText  Transport  Protocol) 

The  protocol  for  moving  hypertext  files  across  the 
Internet.  Requires  an  HTTP  client  program  at  one 
end  and  an  HTTP  server  program  at  the  other. 
HTTP  is  the  most  important  protocol  used  in  the 
World  Wide  Web  today. 

Generally,  any  text  that  contains  "links"  to  other 
documents  -  words  or  phrases  in  the  document  that 
can  be  chosen  by  a  reader  and  which  cause  another 
document  to  be  retrieved  and  displayed. 

The  vast  collection  of  interconnected  networks  that 
all  use  the  TCP/IP  protocol  and  that  evolved  from 
the  ARPANET  of  the  late  1960s  and  early  1970s. 

A  unique  number  consisting  of  4  numbers  separated 
by  dots.  Every  machine  that  is  on  the  Internet  has  a 
unique  IP  address  -  if  a  machine  does  not  have  an 
IP  address,  it  is  not  really  on  the  Internet.  Most 
machines  also  have  one  or  more  domain  names  that 
are  easier  for  people  to  remember.  For  example,  the 
IP  address  of  www.input.com  is,  at  the  time  of 
writing,  198.93.130.56. 

IRC  (Internet  Relay  Chat) 

A  large,  multiuser  live  chat  facility.  There  are  a 
number  of  major  IRC  servers  around  the  world  that 
are  linked  to  each  other.  Anyone  can  create  a 
channel  and  everything  that  any  member  of  a 
channel  types  in  is  seen  by  all  users  in  that  channel. 


Hypertext 


Internet 


IP  address 
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Private  channels  can  be  created  for  invitation-only 
conference  calls. 

ISDN  (Integrated  Services  Digital  Network) 

A  64Kbps  digital  telephone  line  connection.  ISDN 
acceptance  is  still  low  due  to  high  equipment  prices, 
but  as  prices  fall,  individuals  and  companies  are 
benefiting  from  leased-line  performance  on  a  dial-up 
line.  Connect-time  charges  are  normally  the  same  as 
for  a  regular  analog  telephone  connection. 

ISP  (Internet  Service  Provider) 

An  organization  (usually  commercial)  that  offers 
individuals  and  other  organizations  access  to  the 
Internet  through  a  dial-up  connection,  ISDN,  or 
leased  line. 

JEPI  Joint  Electronic  Payment  Initiative 

Kb  (Kilobit)  1,024  bits. 

KB  (Kilobyte)  1,024  bytes. 

LAN  (Local- Area  Network) 

A  computer  network  limited  to  the  immediate  area, 
usually  the  same  building  or  floor  of  a  company 
building. 

Leased  line  A  phone  line  that  is  permanently  held  open  for  data 

transfer  between  two  locations.  The  highest  speed 
data  connections  require  a  leased  line. 

The  most  common  kind  of  mail  list,  Listservs 
originated  on  BITNET,  but  they  are  now  common  on 
the  Internet. 

The  account  name  used  to  gain  access  to  a  computer 
system  or  network. 

An  automated  system  that  allows  people  to  send  E- 
mail  to  one  address,  whereupon  their  message  is 
copied  and  sent  to  all  of  the  other  subscribers  to  the 
mail  list.  In  this  way,  people  who  have  many 
different  kinds  of  E-mail  access  can  participate  in 
discussions  together. 


Listserv 


Login 


Mail  list 
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Mb  (Megabit)  1,024  kilobits. 

MB  (Megabyte)  1,024  kilobytes. 

MAC  (Message  Authentication  Code) 

A  Message  Authentication  Code  is  a  one-way  hash 
computed  from  a  message  and  some  secret  data.  Its 
purpose  is  to  detect  if  the  message  has  been  altered. 

MICR  Magnetically  encoded  information  at  the  bottom  of  a 

check. 

Micropayment  Usually  a  small  payment;  in  reality,  it  means  a 

payment  that  can  be  made  with  a  smart  card  or 
digital  cash.  Nanopayments  and  picopayments  are 
even  smaller  payments. 

MOTO  (Mail  Order/Telephone  Order) 

Applies  to  retailers  that  sell  by  these  methods. 

MRO  (Maintenance,  Repair,  Office  expenses)  -  Typically, 

small  expenses  that  corporations  are  likely  to  put  on 
purchasing  cards. 

NACHA  (National  Automated  Clearing  House  Association) 

Industry  group  that  sets  standards  for  ACHs. 

Node  Any  single  computer  connected  to  a  network. 

One-way  hash  function 

A  one-way  transformation  that  converts  an 
arbitrary  amount  of  data  into  a  fixed-length  hash.  It 
is  computationally  hard  to  reverse  the 
transformation  or  to  find  collisions. 

Packet  switching  The  method  used  to  move  data  around  on  the 

Internet.  In  packet  switching,  the  data  coming  out  of 
a  machine  is  broken  up  into  chunks,  each  chunk 
containing  the  addresses  it  came  from  and  where  it 
is  going.  This  enables  chunks  of  data  from  many 
different  sources  to  coexist  on  the  same  lines,  and  be 
sorted  and  directed  to  different  destinations  by 
special  machines  along  the  way.  This  way,  many 
people  can  use  the  same  lines  at  the  same  time. 
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Password  A  code  used  to  gain  access  to  a  locked  system.  Good 

passwords  contain  letters  and  nonletters  and  are  not 
simple  combinations. 

PIN  (Personal  Identification  Number) 

Used  like  a  password  to  make  transactions  more 
secure. 

POS  (Point  Of  Sale  system) 

Typically  a  cash  register  or  computer  acting  as  a 
cash  register. 

PPP  (Point-to-Point  Protocol) 

Most  well-known  as  a  protocol  that  allows  a 
computer  to  use  a  regular  telephone  line  and  a 
modem  to  make  a  TCP/IP  connection  and  thus  be  on 
the  Internet.  PPP  is  gradually  replacing  SLIP  for 
this  purpose. 

Proxy  server  (Proxy)      An  application  that  controls  traffic  between  a 

protected  network  and  the  Internet. 

Public  key  cryptography 

A  class  of  cryptographic  techniques  employing  two- 
key  ciphers.  Messages  encrypted  with  the  public  key 
can  only  be  decrypted  with  the  associated  private 
key.  Conversely,  messages  signed  with  the  private 
key  can  be  verified  with  the  public  key. 

Purchasing  cards  Corporate  credit/debit  cards,  typically  used  to  make 

smaller  purchases. 

RC2,  RC4  Proprietary  bulk  ciphers  from  RSA  Data  Security, 

Inc. 

RFC  (Request  For  Comments) 

The  name  of  the  result  and  the  process  for  creating 
a  standard  on  the  Internet.  New  standards  are 
proposed  and  published  on  line,  as  an  RFC.  The 
Internet  Engineering  Task  Force  is  a  consensus- 
building  body  that  facilitates  discussion  and 
establishes  new  standards. 

Router  A  software  package  or  special-purpose  computer 

that  handles  the  connection  between  two  or  more 
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networks.  Routers  spend  all  their  time  looking  at 
the  destination  addresses  on  the  packets  passing 
through  them  and  deciding  which  route  to  send 
them  on. 

SET  Standard  for  credit  card  transaction  handling  over 

the  Internet. 

Tl  A  leased-line  connection  capable  of  carrying  data  at 

1.544Mbps.  At  maximum  theoretical  capacity,  a  Tl 
line  could  move  a  megabyte  in  less  than  10  seconds. 
That  is  still  not  fast  enough  for  full-screen,  full- 
motion  video,  for  which  at  least  10Mbps  is  needed. 
Tl  is  one  of  the  fastest  speeds  commonly  used  to 
connect  networks  to  the  Internet. 

T3  A  leased-line  connection  capable  of  carrying  data  at 

44.736Mbps.  This  is  more  than  enough  to  transmit 
full-screen,  full-motion  video. 

TCP/IP  (Transmission  Control  Protocol/Internet  Protocol) 

A  collection  of  communication  protocols  that  define 
the  Internet  and  allow  different  computers  to 
communicate  with  one  another  over  a  common 
network. 


Telnet  The  command  and  program  used  to  log  in  from  one 

Internet  site  to  another.  The  telnet 
command/program  gets  you  to  the  "login:"  prompt  of 
another  host. 


Terminal  Server  A  special-purpose  computer  that  has  places  to  plug 

in  many  modems  on  one  side,  and  a  connection  to  a 
LAN  or  host  machine  on  the  other  side.  Thus,  the 
terminal  server  does  the  work  of  answering  the  calls 
and  passes  the  connections  on  to  the  appropriate 
node.  Most  terminal  servers  can  provide  PPP  or 
SLIP  services  if  connected  to  the  Internet. 

Terminal  A  device  that  allows  you  to  send  commands  to  a 

computer  somewhere  else.  At  a  minimum,  this 
usually  means  a  keyboard  and  a  display  screen  and 
some  simple  circuitry.  Usually  you  will  use  terminal 
software  in  a  personal  computer;  the  software 
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emulates  a  physical  terminal  and  allows  you  to  type 
commands  to  a  computer  somewhere  else. 

A  program  that  performs  a  desired  task,  but  also 
includes  unexpected  functions,  usually  unpleasant, 
such  as  random  file  deletion. 


URL  (Uniform  Resource  Locator) 

The  standard  method  of  addressing  resources  on  the 
World  Wide  Web,  such  as  Web  pages  themselves. 
For  example,  http://www.input.com/. 


Usenet 


Virus 


A  worldwide  system  of  discussion  groups,  with 
comments  passed  among  hundreds  of  thousands  of 
machines.  Only  about  half  of  all  Usenet  machines 
are  on  the  Internet.  Usenet  is  decentralized,  with 
over  13,000  discussion  areas,  called  newsgroups. 

A  segment  of  code  which  replicates  by  attaching 
copies  of  itself  to  existing  executables. 


WAN  (Wide-Area  Network) 

Any  network  that  covers  an  area  larger  than  a 
single  building  or  campus. 


WWW 


See  World  Wide  Web. 


World  Wide  Web 


B 


The  whole  constellation  of  resources  that  can  be 
accessed  using  gopher,  FTP,  HTTP,  telnet,  Usenet, 
WAIS,  and  other  tools.  WWW  is  the  universe  of 
hypertext  servers  that  allow  text,  graphics,  sound 
files,  etc.  to  be  combined. 


Further  References 


A  comprehensive  bibliography  of  electronic  payment  systems  is  maintained 
at  Stanford  University,  with  URL: 
http://robotics.stanford.edu/users/ketchpel/ecash.html. 
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Vendor  and  Association  Names 
and  Addresses 


Exhibit  B-l  lists  the  names  and  addresses  of  some  leading  vendors  of 
Internet  payment  and  Web  technology. 


Exhibit  B-1 

Names  and  Addresses  of  Vendors 


Company 

Product 

Amdahl  Corporation 
1250  East  Arques  Avenue 
Sunnyvale,  CA  94088 
U.S.A. 

Tel:  1  800  538  8460 
Fax:  408  773  0833 

www.amdahl.com 

Broadvision,  Inc. 

333  Distel  Circle 

Los  Altos,  CA  94022-1404 

U.S.A. 

Tel:  415  943  3600 
Fax:  415  943  3699 

www.broadvision.com 

Compaq  Computer  Corporation 
P.   O.  Box  692000 
Houston,  TX  77269-2000 
U.S.A. 

Tel:  713  370  0670 
Fax:  713  514  1740 

www.compaq  .com 

Connect,  Inc. 
515  Ellis  Street 

Mountain  View,  CA  94043-2242 
U.S.A. 

Tel:  1  800  262  2638 

www.connectinc.com 
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Cybercash,  Inc. 

2100  Reston  Parkway,  3rd  Floor 
Reston,  VA  22091 

I  I  Q  A 

U.O.M. 

Tel:  703  620  4200 
FAX:  703  620  4215 

www.cybercash.com 

DigiCash  bv 
Kruislaan  419 

1  HQP  \/A  Amctorrlam 

The  Netherlands 
Tel:  +31  20-665  261 1 
FAX:  +31  20-668  5486 

www.digicash.com 

DigiCash,  Inc. 

cc  Coet  ^Ond  Qtroot  ^Qth  Flnnr 
DO  udbl  Oc.     ollfcJfcJl,  Oc7  riUUl 

New  York,  NY  10055-0186 
U.S.A. 

Tel:  1  800  410  3274 

www.digicash.com 

Digital  Equipment  Corporation 
1 1 1  Powdermill  Road 

MawnarH   IWI A  H1  7RA-9^71 

Ivldy  1  Idl U,  IVIM  KJ  1  /  OH  C.O  1  I 

U.S.A. 

Tel:  408  493  5111 

www.digital.com 

Financial  Services  Technology 

Consortium  (FSTC) 

401  North  Michigan  Avenue,  24th  Floor 

OlllL/dy(J,  ll_  DUD  I  I 

U.S.A. 

Tel:  312  527  6724 

www.fstc.org 

First  Virtual  Holdings 

1 1975  El  Camino  Real,  Suite  200 

San  Diego,  CA  92130 

U.O.M. 

Tel:  619  793  2700 
Fax:  619  793  2950 

www.  firstvirtual.com 

General  Magic 

420  North  Mary  Avenue 

ounnyvaie,  um  y^fuoo 

U.S.A. 

Tel:  408  774  4000 
Fax:  408  774  4010 

www.genmagic.com 

Hitachi  America,  Ltd. 

sj\J  i  ivJoJJfciOl  nVcllUc 

Tarrytown,  NY  10591-4698 
U.S.A. 

Tel:  914  332  5800 

www.hitachi.com 

IBM  Corporation 
Old  Orchard  Road 
Armonk,  NY  10504 
U.S.A. 

Tel:  914  765  1900 

www.ibm.com 
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ICVERIFY,  Inc. 

ATi  DrJanrl  \A/ow 
( <5  nOiana  Way 

Oakland,  CA  94621 
U.S.A. 

Tel:  510  553  7500 
Fax:  510  553  7553 

www.icverify.com 

iniuii,  inc. 

2535  Garcia  Avenue 
Mountain  View,  CA  94043 
U.S.A. 

Tel:  415  944  6000 
Fax:  415  944  6688 

www.iniuit.com 

iviaSierodra  iniernaiiondi,  inc. 
2000  Purchase  Street 
Purchase,  NY  10577-2509 
U.S.A. 

Tel:  914  249  2000 

www.mastercara.com 

Microsoft  Corporation 
One  Microsoft  Way 

DoHmnnH    \A/A    QOflRO  COQQ 

U.S.A. 

Tel:  206  882  8080 
Fax:  206  936  7329 

Internet  Explorer,  Internet  Information  Server 

Mondex  International 
47-53  Cannon  Street 
Lonaon 
EC4M  5SQ 
England 

Tel:  +44  (0)  171  557  500 
Fax:  +44  (0)  171  557  520 

www.mondex.com 

O'Reilly  &  Associates 
lUoA  Morris  btreet 
Sebastopol,  CA  95472 
U.S.A. 

Tel:  +1  707  829  0515 
Fax:  +1  707  829  0104 

URL:  http://www.ora.com/  or 
vveDoite 

http://Website.  ora.com 

Netscape  Communications 

Cfll  Pact  MiiHHIofialH  Priori 

Mountain  View,  CA  94043 
U.S.A. 

Tel:  +1  415  254  1900 
Fax:  +1  415  528  4124 

URL:  http://www.netscape.com/ 

Oracle  Corporation 
500  Oracle  Parkway 
Redwood  Shores,  CA  94065 
U.S.A. 

Tel:  415  506  7000 
Fax:  415  506  7200 

www.oracle.com 
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Premenos  Technology  Corporation 
1000  Burnett  Avenue,  2nd  Floor 
Concord,  CA  94520 
U.S.A. 

Tel:  510  602  2000 

www.premenos.com 

Silicon  Graphics,  Inc. 
2011  North  Shoreline  Blvd. 
Mountain  View,  CA  94043 
U.S.A. 

Tel:  415  960  1980 
FAX:  415  961  0595 

www.sgi.com 

Sony  Corporation 
3300  Zanker  Road 
San  Jose,  CA  95134 
U.S.A. 

Tel:  408  432  1600 
Tel:  201  930  1000  (NJ) 

www.sony.com 

Sun  Microsystems,  Inc. 
2550  Garcia  Avenue 
Mountain  View,  CA  94043-1 100 
U.S.A. 

Tel:  1  800  USA  4SUN 

www.sun.com 

Unisys  Corporation 

P.O.  Box  500 

Blue  Bell,  PA  19424-0001 

U.S.A. 

Tel:  215  986  5777 
FAX:  215  986  6850 

www.unisys.com 

VeriFone,  Inc. 
Three  Lagoon  Drive 
Redwood  City,  CA  94065-1561 
U.S.A. 

Tel:  415  591  6500 
FAX:  415  598  5504 

www.verifone.com 

Visa  International 
P.O.  Box  8999 

San  Francisco,  CA  94128-8999 
U.S.A. 

Tel:  415  432  3200 

www.visa.com 

Source:  INPUT 


Exhibit  B-2  provides  a  short  list  of  Internet  standards  committees  and 
associations.  There  are  many  more. 
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Internet  Standards  Committees  and  Associations 


Association/Institute 

Notes 

World  Wide  Web  Consortium  (W3C) 

An  organization  to  develop  common  standards  for 
the  evolution  of  the  Web,  coordinated  by  MIT  in  the 
U.S.  and  INRIA  in  France. 

Internet  Engineering  Task  Force  (IETF) 

A  consensus-building  body  that  facilitates  discussion 
and  establishes  new  standards. 

Internet  Society 

An  international  organization  that  aims  to  further 
cooperation  and  coordination  for  Internet  technology 
and  applications. 

Source:  INPUT 
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